ReddRadar
Agent skill
audit-security
Scan codebase for security vulnerabilities. Use for pre-deploy security checks.
Stars
0
Forks
0
Install this agent skill to your Project
npx add-skill https://github.com/MonDevHub/gakom/tree/tanstack-query/.claude/skills/audit-security
SKILL.md
Perform security audit across the codebase, including current repository context.
Current Repository Status
- Recent commits: !
git log -5 --oneline - Database migrations: !
ls migrations/ | head -5 || echo "No migrations found" - Exposed files: !
find . -name "*.env*" -o -name "*secret*" | head -5
Audit Tasks
Scan for:
- Exposed environment variables (console.log, hardcoded secrets)
- Auth bypass in routes/handlers (!
grep -r "locals.session" --include="*.ts" src/) - Insecure defaults in ORPC/Better Auth configs
- SQL injection risks in Drizzle queries (!
grep -r "sql\.\|db\." --include="*.ts" src/) - XSS/CSRF in Svelte components
- Open ports/services without rate limiting
Findings Summary
- Environment: Check for leaked secrets in git history (!
git log --all --full-history -S "$DATABASE_URL" -p | head -20) - Auth: Verify all protected routes have session checks
- Data: Ensure input validation in all handlers
- Security conventions:
- Use
$env/static/privatefor secrets - Validate all user inputs with Zod
- Log auth failures without exposing details
- Rotate keys regularly in .env files
- Use
Auto-generated Report
Based on the repository context above, identify and flag any security shortcuts currently in place.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
MonDevHub/gakom
add-orpc-handler
0
0
Explore
MonDevHub/gakom
full-stack-crud
0
0
Explore
MonDevHub/gakom
scaffold-auth-route
0
0
Explore
MonDevHub/gakom
integrate-rate-limit
0
0
Explore
MonDevHub/gakom
setup-drizzle-migration
0
0
Explore
MonDevHub/gakom
add-theming
Enable dark mode and CSS variable theming on components. Use for consistent theming.
0
0
Explore
Didn't find tool you were looking for?