ReddRadar
Agent skill
security-audit
Review security of command execution, tool permissions, and API key handling. Use when user mentions "security review", "audit", "check security", "vulnerabilities", or before deploying to production.
Install this agent skill to your Project
npx add-skill https://github.com/aiskillstore/marketplace/tree/main/skills/applelamps/security-audit
SKILL.md
Security Audit
Instructions
-
Command Execution Review (
backend/main.py):- Check
run_terminal_command()for shell injection vulnerabilities - Verify timeout is enforced (should be 15 seconds)
- Look for dangerous command patterns
- Check
-
Tool Permission Review:
- Verify Chat mode only allows:
read_file,web_search - Check Agent mode tool restrictions
- Look for permission bypass vulnerabilities
- Verify Chat mode only allows:
-
Secrets Management:
- Ensure
.envis in.gitignore - Check no API keys are hardcoded
- Verify
python-dotenvusage for environment variables
- Ensure
-
WebSocket Security:
- Check for authentication on
/wsendpoint - Review message validation
- Look for injection points in user input
- Check for authentication on
-
Frontend Security:
- Check for XSS in markdown rendering
- Review image upload handling (base64 encoding)
- Verify no sensitive data in client-side code
-
Generate report with:
- Critical issues (immediate action required)
- Warnings (should fix before production)
- Recommendations (best practices)
Examples
- "Run a security audit"
- "Check for vulnerabilities"
- "Review security before deploy"
Guardrails
- This is a READ-ONLY audit; do not modify files
- Report findings without exploiting vulnerabilities
- Recommend fixes but get user approval before implementing
- Never log or expose discovered secrets
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
aiskillstore/marketplace
perigon-backend
Perigon ASP.NET Core + EF Core + Aspire conventions
aiskillstore/marketplace
perigon-agent
Pointers for Copilot/agents to apply Perigon conventions
aiskillstore/marketplace
perigon-angular
Angular 21+ standalone/Material/signal conventions for Perigon WebApp
aiskillstore/marketplace
fastapi-mastery
Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.
aiskillstore/marketplace
context7-efficient
Token-efficient library documentation fetcher using Context7 MCP with 86.8% token savings through intelligent shell pipeline filtering. Fetches code examples, API references, and best practices for JavaScript, Python, Go, Rust, and other libraries. Use when users ask about library documentation, need code examples, want API usage patterns, are learning a new framework, need syntax reference, or troubleshooting with library-specific information. Triggers include questions like "Show me React hooks", "How do I use Prisma", "What's the Next.js routing syntax", or any request for library/framework documentation.
aiskillstore/marketplace
browser-use
Browser automation using Playwright MCP. Navigate websites, fill forms, click elements, take screenshots, and extract data. Use when tasks require web browsing, form submission, web scraping, UI testing, or any browser interaction.
Didn't find tool you were looking for?