AgentSkillsCN

audit

安全审计、架构评审与合规性分析方法论。在进行安全审查、检查漏洞、分析代码架构、审计依赖项、检查循环依赖、评估耦合度与内聚力,或评估合规性时使用此功能。涵盖OWASP十大漏洞、依赖项分析以及代码质量指标。

SKILL.md
--- frontmatter
name: audit
description: >
  Security audit, architecture review, and compliance analysis methodology. Use when
  performing security reviews, checking for vulnerabilities, analyzing code architecture,
  auditing dependencies, checking for circular dependencies, evaluating coupling/cohesion,
  or assessing compliance. Covers OWASP Top 10, dependency analysis, and code quality metrics.

Audit Skill

Purpose

Provide structured methodology for comprehensive security audits, architecture reviews, and compliance checks. Produces actionable findings with severity levels and remediation paths.

Security Audit Methodology (OWASP-aligned)

Quick Grep Patterns

Use these patterns to quickly scan for common vulnerabilities:

Injection

bash
# SQL injection
grep -rn "f\"SELECT\|f\"INSERT\|f\"UPDATE\|f\"DELETE\|f\"DROP" --include="*.py"
grep -rn "execute.*+.*input\|execute.*%s.*%.*input" --include="*.py"
grep -rn "query.*\`\$\{" --include="*.ts" --include="*.js"

# Command injection
grep -rn "os\.system\|os\.popen\|subprocess.*shell=True" --include="*.py"
grep -rn "child_process\|exec(" --include="*.ts" --include="*.js"
grep -rn "system(\|popen(" --include="*.c" --include="*.cpp"

# Eval / code execution
grep -rn "eval(\|exec(" --include="*.py" --include="*.js" --include="*.ts"

Secrets & Credentials

bash
# Hardcoded secrets
grep -rn "password\s*=\s*['\"]" --include="*.py" --include="*.ts" --include="*.js"
grep -rn "api_key\|apiKey\|API_KEY\|secret_key\|SECRET" --include="*.py" --include="*.ts"
grep -rn "BEGIN RSA PRIVATE KEY\|BEGIN PRIVATE KEY" -r .

# Check for .env files in version control
git ls-files | grep -i "\.env"

Insecure Patterns

bash
# HTTP instead of HTTPS
grep -rn "http://" --include="*.py" --include="*.ts" --include="*.yaml" --include="*.yml"

# Insecure crypto
grep -rn "md5\|sha1\|DES\|RC4" --include="*.py" --include="*.ts" --include="*.java"

# Missing input validation
grep -rn "request\.get\|request\.post\|req\.body\|req\.params\|req\.query" \
  --include="*.py" --include="*.ts" --include="*.js"

OWASP Top 10 Checklist (2021)

#CategoryWhat to Check
A01Broken Access ControlMissing auth checks, IDOR, path traversal, CORS
A02Cryptographic FailuresWeak hashing, plaintext secrets, missing encryption
A03InjectionSQL, NoSQL, OS command, LDAP, XSS
A04Insecure DesignMissing threat model, no rate limiting, no abuse prevention
A05Security MisconfigurationDefault creds, verbose errors, unnecessary features
A06Vulnerable ComponentsOutdated deps, known CVEs
A07Auth FailuresWeak passwords allowed, missing MFA, session issues
A08Data Integrity FailuresNo signature verification, insecure deserialization
A09Logging FailuresMissing audit logs, logging sensitive data
A10SSRFUnchecked URLs, internal network access

For detailed checklists, see SECURITY_CHECKLIST.md.

Architecture Review Methodology

Module Dependency Analysis

What to look for:

  1. Circular dependencies — Module A imports B, B imports A (or longer cycles).
  2. God modules — Modules that everything depends on (high fan-in AND fan-out).
  3. Layering violations — Lower layers importing upper layers.
  4. Unstable dependencies — Stable modules depending on frequently-changing ones.

Quick analysis commands:

bash
# Python: find import cycles
grep -rn "^from \|^import " --include="*.py" | \
  awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -20

# Python: count dependencies per file
grep -rn "^from \|^import " --include="*.py" src/ | \
  awk -F: '{print $1}' | sort | uniq -c | sort -rn

# TypeScript: find import cycles
grep -rn "^import " --include="*.ts" --include="*.tsx" | \
  awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -20

# C/C++: find include dependencies
grep -rn "^#include" --include="*.h" --include="*.cpp" | \
  awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -20

Code Quality Metrics

MetricThresholdTool
Cyclomatic complexity≤ 15 per functionradon (Python), eslint (TS)
Function length≤ 50 linesmanual / linter
File length≤ 500 lineswc -l
Parameters≤ 5 per functionlinter
Nesting depth≤ 4 levelslinter
Fan-out (imports)≤ 10 per modulecustom analysis

For detailed architecture review guidance, see ARCHITECTURE_REVIEW.md.

Severity Definitions

LevelDefinitionSLA
CRITICALExploitable vulnerability, data loss, system compromiseFix immediately
HIGHSignificant security or quality riskFix this sprint
MEDIUMModerate risk, maintainability concernFix this quarter
LOWMinor improvement, style issueBacklog
INFOObservation, no action required

Report Template

markdown
## Audit Report — [Scope]
**Date**: YYYY-MM-DD
**Auditor**: Claude Code (auditor agent)
**Scope**: [files/modules reviewed]

### Summary
| Severity | Count |
|----------|-------|
| Critical | N |
| High     | N |
| Medium   | N |
| Low      | N |
| Info     | N |

### Findings

#### [ID] [SEVERITY] Title
- **Category**: [Security/Architecture/Dependency/Compliance]
- **Location**: `file:line`
- **Description**: What the issue is
- **Impact**: What could go wrong
- **Evidence**: Code snippet or command output
- **Remediation**: How to fix it
- **Reference**: Standard/guideline (e.g., OWASP A03)