Agent skill

security-audit-creation

Generate security audit documentation following the SECURITY-AUDIT template. Use when performing security reviews, checking for vulnerabilities, or when the user asks for a security audit.


Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/security-audit-creation

SKILL.md

Security Audit Creation Skill

Purpose: Generate comprehensive security audit documentation. Ensures security reviews are thorough and remediation is tracked.

Trigger

- When: Pre-deployment review OR compliance audit OR security concern raised
- Context Needed: Code to review, threat model, compliance requirements
- MCP Tools: mcp_payment-syste_search_full_text, read_file, grep_search

Required Sections

```markdown
# [Feature/System] - Security Audit

## Audit Metadata

- Date: YYYY-MM-DD
- Auditor: @username
- Scope: [description]
- Classification: internal | confidential

## Executive Summary

[High-level findings]

## Threat Model

### Assets

- [asset]: [classification]

### Threat Actors

- [actor]: [capability]

### Attack Vectors

- [vector]: [mitigation]

## Findings

### Critical

| ID  | Title | Status | Remediation |
| :-- | :---- | :----- | :---------- |

### High

...

### Medium

...

### Low

...

## Compliance Status

- [ ] OWASP Top 10
- [ ] PCI-DSS (if applicable)
- [ ] GDPR (if applicable)
```

OWASP Top 10 Checklist

```markdown
## OWASP Top 10 (2021)

| #   | Category                                     | Status   | Notes |
| :-- | :------------------------------------------- | :------- | :---- |
| A01 | Broken Access Control                        | ✅/⚠️/❌ |       |
| A02 | Cryptographic Failures                       | ✅/⚠️/❌ |       |
| A03 | Injection                                    | ✅/⚠️/❌ |       |
| A04 | Insecure Design                              | ✅/⚠️/❌ |       |
| A05 | Security Misconfiguration                    | ✅/⚠️/❌ |       |
| A06 | Vulnerable and Outdated Components           | ✅/⚠️/❌ |       |
| A07 | Identification and Authentication Failures   | ✅/⚠️/❌ |       |
| A08 | Software and Data Integrity Failures         | ✅/⚠️/❌ |       |
| A09 | Security Logging and Monitoring Failures     | ✅/⚠️/❌ |       |
| A10 | Server-Side Request Forgery (SSRF)           | ✅/⚠️/❌ |       |
```

Finding Format

```markdown
### FINDING-001: [Title]

**Severity:** Critical | High | Medium | Low
**Category:** OWASP A01-A10
**Status:** Open | In Progress | Resolved

**Description:**
[What was found]

**Impact:**
[Potential damage]

**Reproduction:**

1. [step]
2. [step]

**Recommendation:**
[How to fix]

**Remediation Timeline:**

- Target: YYYY-MM-DD
- Owner: @username
```
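The script below is an added example and is not part of this skill or the registry; it shows how the Required Sections, the OWASP checklist and the Finding Format above fit together when findings are kept as structured data rather than hand-written. It validates every finding against the fields the Finding Format requires, derives the checklist mark for each OWASP category from the unresolved findings, and renders the document. The finding dict keys, the rule that maps open findings to ✅/⚠️/❌, the placement of the full finding blocks in a "Finding Details" appendix, and the sample findings for a made-up "Payment API" are all assumptions made for the example.

```python
"""Render and validate a security audit in the SECURITY-AUDIT layout (added example,
not part of the skill). Section names, severities, statuses and OWASP categories follow the
template above; finding keys, the status-derivation rule and sample data are assumptions."""
from collections import Counter
from datetime import date

SEVERITIES = ("Critical", "High", "Medium", "Low")
STATUSES = ("Open", "In Progress", "Resolved")
OWASP_2021 = {"A01": "Broken Access Control", "A02": "Cryptographic Failures", "A03": "Injection",
              "A04": "Insecure Design", "A05": "Security Misconfiguration",
              "A06": "Vulnerable and Outdated Components", "A07": "Identification and Authentication Failures",
              "A08": "Software and Data Integrity Failures", "A09": "Security Logging and Monitoring Failures",
              "A10": "Server-Side Request Forgery"}
# Every field the Finding Format requires (assumed key names).
REQUIRED = ("id", "title", "severity", "category", "status", "description",
            "impact", "reproduction", "recommendation", "target", "owner")


def validate_finding(f):
    """Return a list of problems; an empty list means the finding is complete."""
    problems = [f"missing {k}" for k in REQUIRED if not f.get(k)]
    if f.get("severity") not in SEVERITIES:
        problems.append(f"bad severity {f.get('severity')!r}")
    if f.get("status") not in STATUSES:
        problems.append(f"bad status {f.get('status')!r}")
    if f.get("category") not in OWASP_2021:
        problems.append(f"unknown OWASP category {f.get('category')!r}")
    try:
        date.fromisoformat(f.get("target") or "")
    except ValueError:
        problems.append("target is not YYYY-MM-DD")
    return problems


def owasp_status(findings):
    """Checklist mark per category from unresolved findings: ❌ for any open
    Critical/High, ⚠️ for open Medium/Low only, ✅ otherwise (assumed rule)."""
    status = {code: "✅" for code in OWASP_2021}
    for f in findings:
        if f["status"] == "Resolved":
            continue
        mark = "❌" if f["severity"] in ("Critical", "High") else "⚠️"
        if status[f["category"]] != "❌":  # never downgrade a ❌
            status[f["category"]] = mark
    return status


def render_finding(f):
    """One finding in the Finding Format block."""
    steps = "\n".join(f"{i}. {s}" for i, s in enumerate(f["reproduction"], 1))
    return (f"### {f['id']}: {f['title']}\n\n**Severity:** {f['severity']}\n"
            f"**Category:** OWASP {f['category']}\n**Status:** {f['status']}\n\n"
            f"**Description:**\n{f['description']}\n\n**Impact:**\n{f['impact']}\n\n"
            f"**Reproduction:**\n\n{steps}\n\n**Recommendation:**\n{f['recommendation']}\n\n"
            f"**Remediation Timeline:**\n\n- Target: {f['target']}\n- Owner: {f['owner']}\n")


def render_audit(system, meta, findings):
    """Build the whole document; refuse to render if any finding is incomplete."""
    bad = {f.get("id", "?"): p for f in findings if (p := validate_finding(f))}
    if bad:
        raise ValueError(f"incomplete findings: {bad}")
    counts = Counter(f["severity"] for f in findings)
    out = [f"# {system} - Security Audit", "", "## Audit Metadata", ""]
    out += [f"- {k}: {v}" for k, v in meta.items()]
    out += ["", "## Executive Summary", "",
            ", ".join(f"{counts[s]} {s}" for s in SEVERITIES) + " findings.", "", "## Findings"]
    for sev in SEVERITIES:
        out += ["", f"### {sev}", "", "| ID  | Title | Status | Remediation |",
                "| :-- | :---- | :----- | :---------- |"]
        out += [f"| {f['id']} | {f['title']} | {f['status']} | {f['target']} {f['owner']} |"
                for f in findings if f["severity"] == sev]
    st = owasp_status(findings)
    out += ["", "## OWASP Top 10 (2021)", "", "| #   | Category | Status |",
            "| :-- | :------- | :----- |"] + [f"| {c} | {n} | {st[c]} |" for c, n in OWASP_2021.items()]
    owasp_ok = all(m == "✅" for m in st.values())
    out += ["", "## Compliance Status", "", f"- [{'x' if owasp_ok else ' '}] OWASP Top 10",
            "- [ ] PCI-DSS (if applicable)", "- [ ] GDPR (if applicable)",
            "", "## Finding Details", ""]  # full finding blocks as an appendix (assumption)
    out += [render_finding(f) for f in findings]
    return "\n".join(out)


def _f(fid, title, sev, cat, status, target, owner, desc, impact, steps, fix):
    return dict(id=fid, title=title, severity=sev, category=cat, status=status, target=target,
                owner=owner, description=desc, impact=impact, reproduction=steps, recommendation=fix)


# Constructed sample findings for a made-up service; not real audit results.
SAMPLE_FINDINGS = [
    _f("FINDING-001", "Admin user listing lacks authorization check", "High", "A01", "Open",
       "2024-02-15", "@alice", "/admin/users is reachable by any authenticated user.",
       "Any user can enumerate and edit other accounts.",
       ["Log in as a regular user", "GET /admin/users"], "Enforce the admin role on every /admin route."),
    _f("FINDING-002", "Stack traces returned to clients", "Low", "A05", "In Progress",
       "2024-03-01", "@bob", "Unhandled exceptions return full tracebacks.", "Leaks framework versions and paths.",
       ["POST malformed JSON to /api/orders"], "Disable debug mode; return a generic error body."),
    _f("FINDING-003", "Session tokens written to debug log", "Medium", "A09", "Resolved",
       "2024-01-20", "@carol", "Request logger included the Authorization header.",
       "Anyone with log access could replay sessions.", ["Tail the app log while logging in"],
       "Redact Authorization and Cookie headers in the logger."),
]
```

Calling `render_audit("Payment API", {"Date": "2024-01-31", "Auditor": "@alice", "Scope": "Payment API v2", "Classification": "internal"}, SAMPLE_FINDINGS)` returns the full markdown document. Two design points worth keeping in a real generator: rendering refuses to proceed when any finding lacks an owner or target date, so a remediation item can never silently drop out of tracking, and the OWASP checklist is derived from the findings rather than ticked by hand, so a ❌ can only turn into a ✅ by resolving the finding that caused it.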

Reference

  • 09-SECURITY-AUDIT-TEMPLATE.md
  • SECURITY-ARCHITECTURE.md
