when-auditing-security-use-security-analyzer

Solid

Comprehensive security auditing across static analysis, dynamic testing, dependency vulnerabilities, secrets detection, and OWASP compliance

Testing & QA 335 stars 29 forks Updated today

Quality Score: 85/100

Stars (20%): 84
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 80
License (10%): 0
Description (5%): 100

Skill Content

# Security Analyzer - Comprehensive Security Auditing Skill

## Overview

This skill provides multi-vector security analysis combining static code analysis, dynamic testing, dependency auditing, secrets detection, and OWASP Top 10 compliance checking. Uses coordinated agents with validation gates between phases.

## Architecture

```
Security Manager (Coordinator)
├─→ Phase 1: Static Analysis (Code Analyzer)
├─→ Phase 2: Dynamic Testing (Tester)
├─→ Phase 3: Dependency Audit (Security Manager)
├─→ Phase 4: Secrets Detection (Code Analyzer)
└─→ Phase 5: Compliance Check (Security Manager)
```

## Phase 1: Static Code Analysis

### Objective

Identify code-level vulnerabilities, security anti-patterns, and unsafe practices.

### Security Manager Setup

```bash
# Initialize security audit session
npx claude-flow@alpha hooks pre-task --description "Security static analysis initialization"
npx claude-flow@alpha hooks session-restore --session-id "security-audit-${DATE}"

# Set up memory namespace
npx claude-flow@alpha memory store \
  --key "swarm/security/config" \
  --value '{
    "scan_type": "static",
    "severity_threshold": "medium",
    "frameworks": ["owasp", "cwe"],
    "timestamp": "'$(date -Iseconds)'"
  }'
```

### Code Analyzer Execution

```bash
# Spawn code analyzer agent for static analysis
# Agent performs:

# 1. SQL Injection Detection
npx claude-flow@alpha hooks pre-task --description "SQL injection vulnerability scan"

# Scan patterns:
# ❌ VUL...
```

Details

Author: aiskillstore
Repository: aiskillstore/marketplace
Created: 5 months ago
Last Updated: today
Language: Python
License: None

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Listed

security-analyzer

Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), and detects secrets exposure. Fetches live CVE data from OSV.dev, calculates risk scores, and generates phased remediation plans with TDD validation tests. Use when users mention security scan, vulnerability, CVE, exploit, security audit, penetration test, OWASP, hardening, dependency audit, container security, or want to improve security posture.

335 Updated today
aiskillstore
AI & Automation Solid

performing-security-audits

This skill allows Claude to conduct comprehensive security audits of code, infrastructure, and configurations. It leverages various tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, cryptography review, and infrastructure security analysis. Use this skill when a user requests a "security audit," "vulnerability assessment," "compliance review," or any task involving identifying and mitigating security risks. It helps to ensure code and systems adhere to security best practices and compliance standards.

2,274 Updated today
jeremylongshore
AI & Automation Solid

security-audit

Deep security audit covering OWASP Top 10, authentication, authorization, data protection, dependency vulnerabilities, and secrets scanning. Delegates to the Centinela (QA) agent.

2,996 Updated yesterday
davepoon
AI & Automation Solid

security-audit

Security scanning and vulnerability detection. Use when: authentication, authorization, payment processing, user data. Skip when: read-only operations, internal tooling.

57,130 Updated today
ruvnet
AI & Automation Listed

security

Security audit workflow - vulnerability scan → verification

3,795 Updated 4 months ago
parcadei