security-auditor

Security Auditor

Perform thorough security audits of application code. This skill identifies vulnerabilities, exposed secrets, insecure configurations, and compliance gaps.

Security Audit Protocol

Phase 1: Secret Scanning

Scan the entire codebase for hardcoded secrets using these patterns:

High-Confidence Patterns

# API Keys and Tokens
(?i)(api[_-]?key|apikey)\s*[:=]\s*['"][A-Za-z0-9_\-]{16,}['"]
(?i)(access[_-]?token|auth[_-]?token)\s*[:=]\s*['"][A-Za-z0-9_\-\.]{16,}['"]
(?i)(secret[_-]?key|client[_-]?secret)\s*[:=]\s*['"][A-Za-z0-9_\-]{16,}['"]

# AWS Credentials
AKIA[0-9A-Z]{16}
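
An added example (not part of the original skill) that runs the four high-confidence patterns above line by line over a constructed sample and reports redacted findings. The rule names, `scan`, `redact` and the sample lines are assumptions made for illustration; the `AKIA` value is the example key ID from AWS documentation.

```python
import re
from typing import NamedTuple

# The four high-confidence patterns from Phase 1, verbatim.
# The rule names are labels invented for this example.
RULES = {
    "api-key": r"""(?i)(api[_-]?key|apikey)\s*[:=]\s*['"][A-Za-z0-9_\-]{16,}['"]""",
    "access-token": r"""(?i)(access[_-]?token|auth[_-]?token)\s*[:=]\s*['"][A-Za-z0-9_\-\.]{16,}['"]""",
    "secret-key": r"""(?i)(secret[_-]?key|client[_-]?secret)\s*[:=]\s*['"][A-Za-z0-9_\-]{16,}['"]""",
    "aws-access-key-id": r"AKIA[0-9A-Z]{16}",
}
COMPILED = {name: re.compile(rx) for name, rx in RULES.items()}


class Finding(NamedTuple):
    line: int
    rule: str
    excerpt: str


def redact(match_text: str) -> str:
    """Keep four characters for triage and mask the rest, so the report
    does not become a second copy of the secret."""
    return match_text[:4] + "*" * (len(match_text) - 4)


def scan(text: str) -> list[Finding]:
    """Return one Finding per pattern match, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, rx in COMPILED.items():
            for m in rx.finditer(line):
                findings.append(Finding(line_no, rule, redact(m.group(0))))
    return findings


# Constructed sample input. Lines 2 and 3 must NOT match: an environment
# lookup is not a quoted literal, and 'short' is under the 16-character minimum.
SAMPLE = '''\
API_KEY = "abcdEFGH1234ijklMNOP"
api_key = os.environ["API_KEY"]
auth-token: 'short'
client_secret='s3cr3t_value_0123456789'
# key id AKIAIOSFODNN7EXAMPLE used in staging
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.rule}: {f.excerpt}")
```

The three key/token patterns only fire on quoted literals of 16 or more characters, while the `AKIA` pattern is case-sensitive and matches anywhere, including comments.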