security-audit
SKILL.md
Security Audit
Scan code for security vulnerabilities and secrets. Detects exposed API keys, passwords, insecure patterns, and common vulnerabilities.
Setup
No additional setup required.
Usage
Scan for Secrets
{baseDir}/security-audit.js --scan --path /path/to/code
Check for Vulnerabilities
{baseDir}/security-audit.js --vulns --path /path/to/code
Full Audit
{baseDir}/security-audit.js --full --path /path/to/code
Options
| Option | Description | Required |
|---|---|---|
--scan |
Scan for secrets | No |
--vulns |
Check for vulnerabilities | No |
--full |
Full security audit | No |
--path |
Path to scan | Yes |
--output |
Output format (json, text) | No |
Detected Patterns
Secrets
- AWS keys:
AKIA... - GitHub tokens:
ghp_...,gho_... - Generic API keys
- Private keys (RSA, DSA, EC)
- Database connection strings
- JWT tokens
Vulnerabilities
- SQL injection patterns
- Command injection patterns
- Path traversal
- Hardcoded passwords
- Weak cryptographic algorithms
- Insecure random
Output Format
{
"secrets": [
{
"file": "config.js",
"line": 10,
"type": "api_key",
"context": "apiKey = '..."
}
],
"vulnerabilities": [
{
"file": "app.js",
"line": 25,
"type": "sql_injection",
"message": "Potential SQL injection"
}
]
}
When to Use
- Pre-commit security checks
- CI/CD security scanning
- Code review assistance
- Detecting accidental secret exposure
Weekly Installs
3
Repository
winsorllc/upgra…carnivalFirst Seen
14 days ago
Security Audits
Installed on
opencode3
claude-code3
github-copilot3
codex3
kimi-cli3
gemini-cli3