skill-security-auditor

Solid

Security auditing for code, configs, and infrastructure. Use when the user wants to audit or improve security: scan for vulnerabilities (SQL injection, XSS, command injection, path traversal), detect hardcoded secrets and credentials, review auth and authorization, check dependencies for known CVEs, audit config files for insecure defaults, or generate security reports. Trigger on "security audit", "vulnerability scan", "code review for security", "find secrets", "check for vulnerabilities", "OWASP", "CVE", or questions about code security.

AI & Automation 14,173 stars 1674 forks Updated today Apache-2.0


Quality Score: 96/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Security Auditor Guide

## Overview

This guide covers security auditing workflows for source code, dependencies, and configurations. For detailed vulnerability patterns and detection rules, see references/vulnerability-patterns.md. For secrets detection patterns, see references/secrets-patterns.md.

## Quick Start

Run the bundled scan script against a project directory:

```bash
python scripts/scan_project.py /path/to/project
```

This performs a lightweight scan for common issues: hardcoded secrets, dangerous function calls, and insecure patterns. For deeper analysis, follow the workflows below.

### Testing the scripts

```bash
python scripts/scan_project.py /path/to/some/project --format text
python scripts/scan_secrets.py /path/to/some/project --format text
```

## Audit Workflow

### 1. Reconnaissance

Before auditing, understand the project:

```bash
# Identify languages, frameworks, and entry points.
# The -name tests are grouped in \( ... \) so that -type f applies to
# every extension, not only to the first one before the -o operators.
find . -type f \( -name "*.py" -o -name "*.js" -o -name "*.ts" -o -name "*.go" -o -name "*.java" \) | head -20
# Print whichever manifest files exist; missing ones are silently skipped.
cat package.json pyproject.toml requirements.txt go.mod pom.xml 2>/dev/null
```

Key questions:

- What frameworks are used? (Express, Django, Flask, Spring, etc.)
- Where are the entry points? (routes, controllers, API handlers)
- How is authentication handled?
- What external services are called?
- Is user input accepted? Where?

### 2. Secrets Detection

Scan for hardcoded credentials, API keys, and tokens. See references/secrets-patterns.md for the full pattern li...

Details

Author: eigent-ai
Repository: eigent-ai/eigent
Created: 10 months ago
Last Updated: today
Language: TypeScript
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

security (AI & Automation, Listed)
Security audit — scans for secrets, injection, bad deps, auth issues; reports findings only
0 · Updated 6 days ago · puukis

security-audit (AI & Automation, Listed)
Audit code and dependencies for security vulnerabilities. Use when reviewing PRs, checking dependencies, preparing for deployment, or when user mentions security, vulnerabilities, or audit.
0 · Updated today · israel7852

security-auditor (Data & Documents, Listed)
Runs available security scanners, parses results, and writes a consolidated security findings report. Use when you need to check a project for vulnerabilities, exposed secrets, insecure dependencies, or other security issues. Triggers: "security audit", "run security scan", "find vulnerabilities", "check for secrets", "scan dependencies", "run security-auditor".
0 · Updated today · ivuorinen

security-audit (AI & Automation, Listed)
Detect common security vulnerabilities in code. Covers OWASP patterns, SQL injection, bare excepts, shell injection. Framework-agnostic.
335 · Updated today · aiskillstore

security-audit (Data & Documents, Listed)
Deep adversarial security audit engine for full-stack web applications. Use this skill when the user wants to audit a codebase for security vulnerabilities, broken access control, injection risks, authentication weaknesses, payment security, file upload exploits, IDOR, CSRF, SSRF, RLS bypass, business logic abuse, rate limiting gaps, or deployment security issues. Trigger whenever the user says "audit my security", "find vulnerabilities", "pen test my app", "is this secure", "check for IDOR", "harden my auth", "review my payment flow for exploits", "can someone bypass this", "what can an attacker do", or shares code and asks about security, exploits, or hardening. Also trigger proactively when reviewing any app that handles auth, payments, file uploads, admin routes, or user-generated content — even if the user doesn't use the word "security".
2 · Updated 2 days ago · Heet-P