security-vulnerability-audit
Workflow for auditing security vulnerabilities using Trunk (Trivy and OSV-scanner). Use when checking for project vulnerabilities, hard-coded secrets, or repairing security flaws.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/security-vulnerability-audit
SKILL.md
Security Vulnerability Audit
This skill provides a structured process for identifying and reporting security vulnerabilities in the codebase using Trunk's integrated security tools.
Audit Workflow
- Run Security Scan: Execute the project's security linting script.

  ```bash
  pnpm run lint:security
  ```

  Note: This command runs `trunk check --all --scope security`, which triggers both Trivy and OSV-scanner.
- Analyze Findings: Review the output from Trunk. Pay close attention to:
  - Critical/High vulnerabilities in dependencies (reported by osv-scanner). The severity here is the advisory's CVSS score, not the impact in this code base; confirm that the vulnerable code path is actually reachable before rating it.
  - Hard-coded secrets or configuration issues (reported by trivy). A matched secret must be treated as exposed: rotate it, then remove it from the repository history, since deleting the line alone does not revoke it.
- Compile Report: Use the findings to create a summary of the security posture.
Reporting Format
For each significant finding, provide:
- Severity: [Critical/High/Medium/Low]
- Tool: [Trivy/OSV-Scanner]
- Description: [Brief description of the vulnerability]
- Impact: [What happens if exploited?]
- Recommendation: [How to fix it, e.g., "Update package X to version Y"]
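The two steps above (analyze findings, then compile the report) can be driven from the tools' machine-readable output rather than by reading the Trunk console. The script below is an added example, not part of this skill or of Trunk; it reads `osv-scanner --format json` and `trivy --format json` output, maps CVSS scores onto the severity labels of the reporting format, pulls the fixed version out of the advisory, and emits one report entry per finding, sorted by severity. The JSON embedded in it is a constructed, trimmed sample (one lodash advisory, one secret hit, one Dockerfile misconfiguration) kept to the fields the parsers read; it is assumed that the field names match the tools' documented JSON schemas. The `Impact` line is left for the auditor, because neither tool can say what an exploit means for this particular code base.

```python
"""Build the audit report from osv-scanner and Trivy JSON output (added example)."""
import json
from dataclasses import dataclass

# Constructed osv-scanner sample: one vulnerable npm package with a fixed version.
OSV_SAMPLE = json.dumps({
    "results": [{
        "source": {"path": "pnpm-lock.yaml", "type": "lockfile"},
        "packages": [{
            "package": {"name": "lodash", "version": "4.17.20", "ecosystem": "npm"},
            "vulnerabilities": [{
                "id": "GHSA-35jh-r3h4-6jhm",
                "aliases": ["CVE-2021-23337"],
                "summary": "Command injection in lodash",
                "affected": [{
                    "package": {"name": "lodash", "ecosystem": "npm"},
                    "ranges": [{"type": "SEMVER",
                                "events": [{"introduced": "0"}, {"fixed": "4.17.21"}]}],
                }],
            }],
            # osv-scanner groups aliases of one issue and reports the highest CVSS score.
            "groups": [{"ids": ["GHSA-35jh-r3h4-6jhm", "CVE-2021-23337"], "max_severity": "7.2"}],
        }],
    }],
})

# Constructed Trivy sample: one secret finding and one misconfiguration finding.
TRIVY_SAMPLE = json.dumps({
    "SchemaVersion": 2,
    "Results": [
        {"Target": "config/app.env", "Class": "secret", "Secrets": [{
            "RuleID": "aws-access-key-id", "Category": "AWS", "Severity": "CRITICAL",
            "Title": "AWS Access Key ID", "StartLine": 3,
            "Match": "AWS_ACCESS_KEY_ID=AKIA****************"}]},
        {"Target": "Dockerfile", "Class": "config", "Type": "dockerfile",
         "Misconfigurations": [{
             "ID": "DS002", "Title": "Image user should not be 'root'", "Severity": "HIGH",
             "Resolution": "Add 'USER <non root user name>' line to the Dockerfile"}]},
    ],
})

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Unknown": 4}
IMPACT_TODO = "TODO: assess exploitability in this code base"


@dataclass
class Finding:
    severity: str
    tool: str
    description: str
    impact: str
    recommendation: str


def severity_label(score):
    """CVSS v3 base score -> report label (9.0+ Critical, 7.0+ High, 4.0+ Medium, else Low)."""
    try:
        s = float(score)
    except (TypeError, ValueError):
        return "Unknown"
    if s >= 9.0:
        return "Critical"
    if s >= 7.0:
        return "High"
    if s >= 4.0:
        return "Medium"
    return "Low"


def group_severity(pkg, vuln_id):
    """Severity of the osv-scanner group that contains this advisory id."""
    for group in pkg.get("groups", []):
        if vuln_id in group.get("ids", []):
            return severity_label(group.get("max_severity"))
    return "Unknown"


def fixed_version(vuln, ecosystem):
    """First 'fixed' event in the advisory's ranges for this ecosystem, or None."""
    for affected in vuln.get("affected", []):
        if affected.get("package", {}).get("ecosystem") not in (None, ecosystem):
            continue
        for rng in affected.get("ranges", []):
            for event in rng.get("events", []):
                if "fixed" in event:
                    return event["fixed"]
    return None


def parse_osv(raw):
    findings = []
    for result in json.loads(raw).get("results", []):
        for pkg in result.get("packages", []):
            info = pkg["package"]
            for vuln in pkg.get("vulnerabilities", []):
                ids = ", ".join([vuln["id"], *vuln.get("aliases", [])])
                fixed = fixed_version(vuln, info["ecosystem"])
                findings.append(Finding(
                    severity=group_severity(pkg, vuln["id"]),
                    tool="OSV-Scanner",
                    description=f"{info['name']}@{info['version']} ({info['ecosystem']}): "
                                f"{vuln.get('summary', 'no summary')} [{ids}]",
                    impact=IMPACT_TODO,
                    recommendation=(f"Update {info['name']} to version {fixed}" if fixed
                                    else f"No fixed version published; remove or replace {info['name']}"),
                ))
    return findings


def parse_trivy(raw):
    findings = []
    for result in json.loads(raw).get("Results", []):
        target = result.get("Target", "?")
        for secret in result.get("Secrets", []):  # hard-coded secrets
            findings.append(Finding(
                severity=secret.get("Severity", "UNKNOWN").capitalize(), tool="Trivy",
                description=f"{secret.get('Title', secret.get('RuleID'))} in {target}:"
                            f"{secret.get('StartLine', '?')} (rule {secret.get('RuleID')})",
                impact=IMPACT_TODO,
                recommendation="Revoke and rotate the credential, then purge it from repository history",
            ))
        for mc in result.get("Misconfigurations", []):  # configuration issues
            findings.append(Finding(
                severity=mc.get("Severity", "UNKNOWN").capitalize(), tool="Trivy",
                description=f"{mc.get('ID')}: {mc.get('Title')} in {target}",
                impact=IMPACT_TODO,
                recommendation=mc.get("Resolution", "See the Trivy check documentation"),
            ))
    return findings


def audit(osv_raw=OSV_SAMPLE, trivy_raw=TRIVY_SAMPLE):
    return parse_osv(osv_raw) + parse_trivy(trivy_raw)


def render_report(findings):
    """Emit the reporting format above, most severe findings first."""
    lines = []
    for f in sorted(findings, key=lambda f: SEVERITY_ORDER.get(f.severity, 99)):
        lines += [f"- Severity: {f.severity}", f"- Tool: {f.tool}", f"- Description: {f.description}",
                  f"- Impact: {f.impact}", f"- Recommendation: {f.recommendation}", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(audit()))
```

In a real run, replace the two sample strings with the files written by `osv-scanner --format json --output ...` and `trivy ... --format json --output ...`; the parsers only rely on top-level keys (`results`/`packages`/`groups` and `Results`/`Secrets`/`Misconfigurations`), so extra fields in real output are ignored. Advisories without a `fixed` event are reported as having no upgrade path rather than silently getting an empty recommendation.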
Resources
- Security Tools Reference: Detailed information on the tools and how to interpret their results.
- Trunk Documentation: Official documentation for the Trunk CLI.