AgentSkillsCN

security-audit

全面的安全扫描与漏洞检测。涵盖输入验证、路径遍历防护、CVE 漏洞检测以及安全编码规范的强制执行。适用场景:身份认证实现、授权逻辑、支付处理、用户数据管理、API 端点创建、文件上传处理、数据库查询、外部 API 集成时使用。若仅涉及对公共数据的只读操作、内部开发工具、静态文档,或仅需进行样式调整,则可跳过此步骤。

SKILL.md
--- frontmatter
name: security-audit
description: >
  Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.
  Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration.
  Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.

Security Audit Skill

Purpose

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

When to Trigger

  • authentication implementation
  • authorization logic
  • payment processing
  • user data handling
  • API endpoint creation
  • file upload handling
  • database queries
  • external API integration

When to Skip

  • read-only operations on public data
  • internal development tooling
  • static documentation
  • styling changes

Commands

Full Security Scan

Run comprehensive security analysis on the codebase

bash
npx @claude-flow/cli security scan --depth full

Example:

bash
npx @claude-flow/cli security scan --depth full --output security-report.json

Input Validation Check

Check for input validation issues

bash
npx @claude-flow/cli security scan --check input-validation

Example:

bash
npx @claude-flow/cli security scan --check input-validation --path ./src/api

Path Traversal Check

Check for path traversal vulnerabilities

bash
npx @claude-flow/cli security scan --check path-traversal

SQL Injection Check

Check for SQL injection vulnerabilities

bash
npx @claude-flow/cli security scan --check sql-injection

XSS Check

Check for cross-site scripting vulnerabilities

bash
npx @claude-flow/cli security scan --check xss

CVE Scan

Scan dependencies for known CVEs

bash
npx @claude-flow/cli security cve --scan

Example:

bash
npx @claude-flow/cli security cve --scan --severity high

Security Audit Report

Generate full security audit report

bash
npx @claude-flow/cli security audit --report

Example:

bash
npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md

Threat Modeling

Run threat modeling analysis

bash
npx @claude-flow/cli security threats --analyze

Validate Secrets

Check for hardcoded secrets

bash
npx @claude-flow/cli security validate --check secrets

Scripts

ScriptPathDescription
security-scan.agents/scripts/security-scan.shRun full security scan pipeline
cve-remediate.agents/scripts/cve-remediate.shAuto-remediate known CVEs

References

DocumentPathDescription
Security Checklistdocs/security-checklist.mdSecurity review checklist
OWASP Guidedocs/owasp-top10.mdOWASP Top 10 mitigation guide

Best Practices

  1. Check memory for existing patterns before starting
  2. Use hierarchical topology for coordination
  3. Store successful patterns after completion
  4. Document any new learnings