Skill: security-audit

🔒 security-audit

Safety status: Safe

Run Comprehensive Security Audits

๋˜ํ•œ ๋‹ค์Œ์—์„œ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค: Consiliency,Joseph OBrien,Joseph OBrien,AppleLamps,ClementWalter

This workflow bundle orchestrates multiple security skills to conduct full penetration tests, vulnerability assessments, and security hardening across web applications and APIs.

์ง€์›: Claude Codex Code(CC)
๐Ÿฅ‰ 73 ๋ธŒ๋ก ์ฆˆ
1

์Šคํ‚ฌ ZIP ๋‹ค์šด๋กœ๋“œ

2

Claude์—์„œ ์—…๋กœ๋“œ

์„ค์ • โ†’ ๊ธฐ๋Šฅ โ†’ ์Šคํ‚ฌ โ†’ ์Šคํ‚ฌ ์—…๋กœ๋“œ๋กœ ์ด๋™

3

ํ† ๊ธ€์„ ์ผœ๊ณ  ์‚ฌ์šฉ ์‹œ์ž‘

Try it out

Prompt (using "security-audit"): Run a security audit on my REST API

Expected result:

I will conduct a comprehensive security audit of your REST API following our structured workflow.

**Phase 1: Reconnaissance**
- Identify API endpoints and technology stack
- Gather intelligence on exposed services

**Phase 2: Vulnerability Scanning**
- Run automated vulnerability scanners
- Perform static analysis
- Scan dependencies for known vulnerabilities

**Phase 4: API Security Testing**
- Enumerate all API endpoints
- Test authentication mechanisms
- Test for rate limiting bypasses
- Test input validation and error handling

Shall I proceed with any specific phase?

Prompt (using "security-audit"): Help me test for SQL injection vulnerabilities

Expected result:

I will guide you through SQL injection testing using the @sql-injection-testing skill.

**Testing Approach:**
1. Identify injection points in your application
2. Test for SQL injection using manual techniques
3. Use automated tools to enumerate vulnerabilities
4. Document proof of concept for each finding

Would you like me to proceed with testing specific endpoints?

๋ณด์•ˆ ๊ฐ์‚ฌ

์•ˆ์ „
v1 โ€ข 2/25/2026

All static findings are false positives. The 48 external_command detections are markdown code blocks using backticks for prompt examples, not actual shell execution. The Metasploit reference is a skill name to invoke, not tool execution. The weak crypto alerts are triggered by the word 'vulnerability' in context. This is a documentation-only workflow bundle with no executable code.

Files scanned: 1
Lines analyzed: 219
Findings: 3
Total audits: 1

Low-risk issues (3)

False Positive: External Command Detection
Static scanner detected 48 instances of backtick usage as 'external commands'. These are markdown code block delimiters for example prompts, not actual Ruby/shell execution. No command injection risk exists.

False Positive: Metasploit Framework Reference
Static scanner flagged 'Metasploit framework' as a blocker. This is a reference to an external skill name (@metasploit-framework) to invoke, not actual Metasploit tool usage.

False Positive: Weak Cryptographic Algorithm
Static scanner flagged 'weak cryptographic algorithm' at lines 3 and 192. These are false positives triggered by the word 'vulnerability' in the description and 'Using Components with Known Vulnerabilities' from the OWASP Top 10 checklist.

Auditor: claude

ํ’ˆ์งˆ ์ ์ˆ˜

38
์•„ํ‚คํ…์ฒ˜
100
์œ ์ง€๋ณด์ˆ˜์„ฑ
85
์ฝ˜ํ…์ธ 
50
์ปค๋ฎค๋‹ˆํ‹ฐ
99
๋ณด์•ˆ
83
์‚ฌ์–‘ ์ค€์ˆ˜

What you can build

Security Consultant Auditing Client Web App

Use the full workflow to conduct a comprehensive security assessment following industry-standard methodologies.

Developer Securing Own Application

Use vulnerability scanning and hardening phases to find and fix security issues before production deployment.

DevSecOps Team Running Automated Scans

Integrate scanning phases into CI/CD pipelines for continuous security validation.

Try these prompts

Start Full Security Audit
Use @security-audit to run a comprehensive security audit on my web application. Start with reconnaissance and work through all phases.
Quick Vulnerability Scan
Use @security-audit to perform Phase 2 vulnerability scanning on my application. Focus on automated scanner results.
API Security Test
Use @security-audit to conduct Phase 4 API security testing. Test authentication, rate limiting, and input validation.
Generate Security Report
Use @security-audit Phase 7 reporting to document all findings and create a remediation plan for the vulnerabilities found.

Best practices

  • Always obtain written authorization before testing any target
  • Follow the workflow phases in order for comprehensive coverage
  • Document all findings with proof of concept evidence
  • Use the OWASP Top 10 checklist as minimum coverage baseline

Things to avoid

  • Running penetration tests without proper authorization
  • Skipping reconnaissance and jumping directly to exploitation
  • Ignoring findings from automated scanners without manual verification
  • Failing to document findings with reproducible steps

์ž์ฃผ ๋ฌป๋Š” ์งˆ๋ฌธ

Does this skill actually run security scanners?
No. This is a workflow bundle that provides guidance and orchestrates other security skills. It does not execute actual scanning tools.
Do I need other skills installed?
Yes. This workflow references other skills like scanning-tools, vulnerability-scanner, and pentest-commands. These must be available for full functionality.
Is this tool safe to use on any website?
No. Only use on systems you own or have explicit written authorization to test. Unauthorized penetration testing is illegal.
Can this generate a final security report?
The workflow includes Phase 7 for reporting, which helps structure findings and remediation steps. Final report generation requires manual compilation.
What OWASP categories are covered?
The workflow covers all OWASP Top 10 categories including injection, broken authentication, sensitive data exposure, XXE, broken access control, security misconfiguration, XSS, insecure deserialization, vulnerable components, and insufficient logging.
Does this work with Claude Code and Codex?
Yes. This skill supports claude, codex, and claude-code tools as specified in the supported_tools field.

๊ฐœ๋ฐœ์ž ์„ธ๋ถ€ ์ •๋ณด

์ž‘์„ฑ์ž

sickn33

๋ผ์ด์„ ์Šค

MIT

์ฐธ์กฐ

main

ํŒŒ์ผ ๊ตฌ์กฐ

๐Ÿ“„ SKILL.md