Security Auditor Skill
Automatic security vulnerability detection.
When I Activate
- •Code files modified (especially auth, API, database)
- •User mentions security or vulnerabilities
- •Before deployments or commits
- •Dependency changes
- •Configuration file changes
What I Scan For
OWASP Top 10 Patterns
1. SQL Injection
javascript
// CRITICAL: SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;
// SECURE: Parameterized query
const query = "SELECT * FROM users WHERE id = ?";
db.query(query, [userId]);
2. XSS (Cross-Site Scripting)
javascript
// CRITICAL: XSS vulnerability element.innerHTML = userInput; // SECURE: Use textContent or sanitize element.textContent = userInput; // or element.innerHTML = DOMPurify.sanitize(userInput);
3. Authentication Issues
javascript
// CRITICAL: Weak JWT secret const token = jwt.sign(payload, "secret123"); // SECURE: Strong secret from environment const token = jwt.sign(payload, process.env.JWT_SECRET);
4. Sensitive Data Exposure
python
# CRITICAL: Exposed password
password = "admin123"
# SECURE: Environment variable
password = os.getenv("DB_PASSWORD")
5. Broken Access Control
javascript
// CRITICAL: No authorization check
app.delete("/api/users/:id", (req, res) => {
User.delete(req.params.id);
});
// SECURE: Authorization check
app.delete("/api/users/:id", auth, checkOwnership, (req, res) => {
User.delete(req.params.id);
});
Additional Security Checks
- •Insecure Deserialization
- •Security Misconfiguration
- •Insufficient Logging
- •CSRF Protection Missing
- •CORS Misconfiguration
Alert Format
code
🚨 CRITICAL: [Vulnerability type] 📍 Location: file.js:42 🔧 Fix: [Specific remediation] 📖 Reference: [OWASP/CWE link]
Severity Levels
- •🚨 CRITICAL: Must fix immediately (exploitable vulnerabilities)
- •⚠️ HIGH: Should fix soon (security weaknesses)
- •📋 MEDIUM: Consider fixing (potential issues)
- •💡 LOW: Best practice improvements
Real-World Examples
SQL Injection Detection
javascript
// You write:
app.get('/users', (req, res) => {
const sql = `SELECT * FROM users WHERE name = '${req.query.name}'`;
db.query(sql, (err, results) => res.json(results));
});
// I alert:
🚨 CRITICAL: SQL injection vulnerability (line 2)
📍 File: routes/users.js, Line 2
🔧 Fix: Use parameterized queries
const sql = 'SELECT * FROM users WHERE name = ?';
db.query(sql, [req.query.name], ...);
📖 https://owasp.org/www-community/attacks/SQL_Injection
Password Storage
python
# You write:
def create_user(username, password):
user = User(username=username, password=password)
user.save()
# I alert:
🚨 CRITICAL: Storing plain text password (line 2)
📍 File: models.py, Line 2
🔧 Fix: Hash passwords before storing
from bcrypt import hashpw, gensalt
hashed = hashpw(password.encode(), gensalt())
user = User(username=username, password=hashed)
📖 Use bcrypt, scrypt, or argon2 for password hashing
API Key Exposure
javascript
// You write:
const stripe = require('stripe')('sk_live_abc123...');
// I alert:
🚨 CRITICAL: Hardcoded API key detected (line 1)
📍 File: payment.js, Line 1
🔧 Fix: Use environment variables
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
📖 Never commit API keys to version control
Dependency Scanning
I can run security audits on dependencies:
bash
# Node.js npm audit # Python pip-audit # Results flagged with severity
Relationship with @code-reviewer Sub-Agent
Me (Skill): Quick vulnerability pattern detection @code-reviewer (Sub-Agent): Deep security audit with threat modeling
Workflow
- •I detect vulnerability pattern
- •I flag: "🚨 SQL injection detected"
- •You want full analysis → Invoke @code-reviewer sub-agent
- •Sub-agent provides comprehensive security audit
Common Vulnerability Patterns
Authentication
- •Weak password policies
- •Missing MFA
- •Session fixation
- •Insecure password storage
Authorization
- •Missing access control
- •Privilege escalation
- •IDOR (Insecure Direct Object Reference)
Data Protection
- •Unencrypted sensitive data
- •Weak encryption algorithms
- •Missing HTTPS
- •Insecure cookies
Input Validation
- •SQL injection
- •Command injection
- •XSS
- •Path traversal
Integration with Tools
With secret-scanner Skill
code
security-auditor: Checks code patterns secret-scanner: Checks for exposed secrets Together: Comprehensive security coverage
With /review Command
bash
/review --scope staged --checks security # Workflow: # 1. My automatic security findings # 2. @code-reviewer sub-agent deep audit # 3. Comprehensive security report