when-auditing-security-use-security-analyzer
Run comprehensive security audits with multi-agent coordination
Security vulnerabilities often go undetected until it is too late. This skill performs automated security auditing across 5 vectors to identify SQL injection, XSS, path traversal, and other vulnerabilities before attackers do.
Download the skill ZIP
Upload it in Claude
Go to Settings → Features → Skills → Upload skill
Open it and start using it
Test it
Using "when-auditing-security-use-security-analyzer". Run security audit on our Express API
Expected results:
- Static Analysis: 3 SQL injection vulnerabilities found in user routes
- Dynamic Testing: CSRF protection missing on /api/transfer endpoint
- Dependencies: No critical CVEs found
- Secrets: 2 exposed API keys detected in config files
- OWASP Score: 75 percent (PASS - above 70 percent threshold)
- Report saved to: /tmp/SECURITY-AUDIT-REPORT.md
Using "when-auditing-security-use-security-analyzer". Scan for secrets after adding Stripe integration
Expected results:
- Pattern Scan: Found 1 potential Stripe secret key in src/config.js
- Entropy Analysis: 3 high-entropy strings flagged for review
- Environment Check: 5 process.env accesses reviewed - 2 need masking
- Recommendation: Move Stripe key to environment variables immediately
Using "when-auditing-security-use-security-analyzer". Check OWASP compliance before release
Expected results:
- A01 Broken Access Control: PASS (authorization checks present)
- A02 Cryptographic Failures: FAIL (md5 usage detected in auth.js)
- A03 Injection: WARN (2 SQL injection patterns need review)
- A06 Vulnerable Components: PASS (no critical CVEs)
- Overall Compliance: 78 percent - Review high-priority items before release
Security audit
Safe: This is a legitimate security auditing skill. All 777 static findings are FALSE POSITIVES - the patterns detected in its documentation are VULNERABILITY EXAMPLES that the skill is designed to detect in user codebases, not actual exploits. The skill performs defensive security scanning across 5 vectors with proper validation gates.
Risk factors
⚡ Contains scripts (1)
🌐 Network access (2)
📁 File system access (2)
⚙️ External commands (2)
🔑 Environment variables (2)
What you can build
Pre-commit security checks
Integrate security scanning into git hooks to catch vulnerabilities before code reaches production
Compliance auditing
Generate OWASP compliance reports for security audits and regulatory requirements
CI/CD pipeline security
Automate security scanning in build pipelines with fail-fast on critical vulnerabilities
Try these prompts
Run a quick security audit on this codebase to check for common vulnerabilities
Perform comprehensive security testing including dynamic tests before we deploy to production
Scan for exposed API keys, passwords, and secrets in the codebase
Generate OWASP Top 10 compliance report with recommendations for improving our security posture
Best practices
- Run security audits before every major release or when adding new dependencies
- Set up automated scanning in CI/CD pipelines with strict mode for critical issues
- Review and fix critical vulnerabilities immediately, high issues within the sprint
Avoid
- Ignoring security warnings without understanding the risk
- Running audits only at project end instead of continuously
- Focusing only on static analysis without testing runtime vulnerabilities