Agent skill

security-audit

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement. Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration. Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.

View SKILL.md on GitHub Repository
Stars 31,446
Forks 3,514

Install this agent skill to your Project

npx add-skill https://github.com/ruvnet/ruflo/tree/main/.agents/skills/security-audit

SKILL.md

Security Audit Skill

Purpose

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

When to Trigger

  • authentication implementation
  • authorization logic
  • payment processing
  • user data handling
  • API endpoint creation
  • file upload handling
  • database queries
  • external API integration

When to Skip

  • read-only operations on public data
  • internal development tooling
  • static documentation
  • styling changes

Commands

Full Security Scan

Run comprehensive security analysis on the codebase

bash
npx @claude-flow/cli security scan --depth full

Example:

bash
npx @claude-flow/cli security scan --depth full --output security-report.json

Input Validation Check

Check for input validation issues

bash
npx @claude-flow/cli security scan --check input-validation

Example:

bash
npx @claude-flow/cli security scan --check input-validation --path ./src/api

Path Traversal Check

Check for path traversal vulnerabilities

bash
npx @claude-flow/cli security scan --check path-traversal

SQL Injection Check

Check for SQL injection vulnerabilities

bash
npx @claude-flow/cli security scan --check sql-injection

XSS Check

Check for cross-site scripting vulnerabilities

bash
npx @claude-flow/cli security scan --check xss

CVE Scan

Scan dependencies for known CVEs

bash
npx @claude-flow/cli security cve --scan

Example:

bash
npx @claude-flow/cli security cve --scan --severity high

Security Audit Report

Generate full security audit report

bash
npx @claude-flow/cli security audit --report

Example:

bash
npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md

Threat Modeling

Run threat modeling analysis

bash
npx @claude-flow/cli security threats --analyze

Validate Secrets

Check for hardcoded secrets

bash
npx @claude-flow/cli security validate --check secrets

Scripts

Script Path Description
security-scan .agents/scripts/security-scan.sh Run full security scan pipeline
cve-remediate .agents/scripts/cve-remediate.sh Auto-remediate known CVEs

References

Document Path Description
Security Checklist docs/security-checklist.md Security review checklist
OWASP Guide docs/owasp-top10.md OWASP Top 10 mitigation guide

Best Practices

  1. Check memory for existing patterns before starting
  2. Use hierarchical topology for coordination
  3. Store successful patterns after completion
  4. Document any new learnings

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

ruvnet/ruflo

add-model-descriptions

Add descriptions for new models from the HuggingFace router to chat-ui configuration. Use when new models are released on the router and need descriptions added to prod.yaml and dev.yaml. Triggers on requests like "add new model descriptions", "update models from router", "sync models", or when explicitly invoking /add-model-descriptions.

31,446 3,514
Explore
ruvnet/ruflo

agent-swarm-pr

Agent skill for swarm-pr - invoke with $agent-swarm-pr

31,446 3,514
Explore
ruvnet/ruflo

agent-neural-network

Agent skill for neural-network - invoke with $agent-neural-network

31,446 3,514
Explore
ruvnet/ruflo

agent-performance-analyzer

Agent skill for performance-analyzer - invoke with $agent-performance-analyzer

31,446 3,514
Explore
ruvnet/ruflo

agent-researcher

Agent skill for researcher - invoke with $agent-researcher

31,446 3,514
Explore
ruvnet/ruflo

V3 Memory Unification

Unify 6+ memory systems into AgentDB with HNSW indexing for 150x-12,500x search improvements. Implements ADR-006 (Unified Memory Service) and ADR-009 (Hybrid Memory Backend).

31,446 3,514
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results