Slash Command

/security-audit

Performs systematic security audit across dependencies, auth, inputs, secrets, infra, headers, and more. Outputs findings by severity with remediations, code examples, and executive summary.

Docker

security

Install

npx claudepluginhub jmagly/aiwg --plugin sdlc

Prompt Preview

# Security Audit Command

Perform comprehensive security assessment

## Instructions

Perform a systematic security audit following these steps:

1. **Environment Setup**
   - Identify the technology stack and framework
   - Check for existing security tools and configurations
   - Review deployment and infrastructure setup

2. **Dependency Security**
   - Scan all dependencies for known vulnerabilities
   - Check for outdated packages with security issues
   - Review dependency sources and integrity
   - Use appropriate tools: `npm audit`, `pip check`, `cargo audit`, etc.

3. **Authenticat...

Command Content

Other plugins with /security-audit

/security-audit

Performs systematic security audit across dependencies, auth, inputs, secrets, infra, headers, and more. Outputs findings by severity with remediations, code examples, and executive summary.

commands-security-audit

2.7k

/security-audit

Performs systematic security audit across dependencies, auth, inputs, secrets, infra, headers, and more. Outputs findings by severity with remediations, code examples, and executive summary.

all-commands

2.7k

/security-audit

Performs security vulnerability assessment covering authentication, authorization, input validation, and infrastructure, producing phased reports and remediation plans.

BashEditGlob+5

orchestr8

/security-audit

Audits plugin configuration files including hooks, settings, agents, and CLAUDE.md for 8 security risks like command injection, secrets, and over-permissions. Produces severity-graded report.

ReadGlobGrep+1

cc-best

/security-audit

Perform comprehensive security audit on Android code.

everything-claude-code-android

/security-audit

commands/

7-domain security hardening audit — OWASP Top 10 2025, MITRE ATT&CK mapping, NIST CSF 2.0 alignment, secret detection, supply chain audit, container security, DevSecOps pipeline. Grounded in 734 cybersecurity skills.

productionos

Stats

Parent Repo Stars104

Parent Repo Forks15

Last CommitDec 27, 2025

Used By3 plugins

Actions

View Source View Plugin View on GitHub View README

Tags

# Security Audit Command Perform comprehensive security assessment ## Instructions Perform a systematic security audit following these steps: 1. **Environment Setup** - Identify the technology stack and framework - Check for existing security tools and configurations - Review deployment and infrastructure setup 2. **Dependency Security** - Scan all dependencies for known vulnerabilities - Check for outdated packages with security issues - Review dependency sources and integrity - Use appropriate tools: `npm audit`, `pip check`, `cargo audit`, etc. 3. **Authenticat...

Security Audit Command

Perform comprehensive security assessment

Instructions

Perform a systematic security audit following these steps:

Environment Setup

Identify the technology stack and framework
Check for existing security tools and configurations
Review deployment and infrastructure setup

Dependency Security

Scan all dependencies for known vulnerabilities
Check for outdated packages with security issues
Review dependency sources and integrity
Use appropriate tools: npm audit, pip check, cargo audit, etc.

Authentication & Authorization

Review authentication mechanisms and implementation
Check for proper session management
Verify authorization controls and access restrictions
Examine password policies and storage

Input Validation & Sanitization

Check all user input validation and sanitization
Look for SQL injection vulnerabilities
Identify potential XSS (Cross-Site Scripting) issues
Review file upload security and validation

Data Protection

Identify sensitive data handling practices
Check encryption implementation for data at rest and in transit
Review data masking and anonymization practices
Verify secure communication protocols (HTTPS, TLS)

Secrets Management

Scan for hardcoded secrets, API keys, and passwords
Check for proper secrets management practices
Review environment variable security
Identify exposed configuration files

Error Handling & Logging

Review error messages for information disclosure
Check logging practices for security events
Verify sensitive data is not logged
Assess error handling robustness

Infrastructure Security

Review containerization security (Docker, etc.)
Check CI/CD pipeline security
Examine cloud configuration and permissions
Assess network security configurations

Security Headers & CORS

Check security headers implementation
Review CORS configuration
Verify CSP (Content Security Policy) settings
Examine cookie security attributes

Reporting

Document all findings with severity levels (Critical, High, Medium, Low)
Provide specific remediation steps for each issue
Include code examples and file references
Create an executive summary with key recommendations

Use automated security scanning tools when available and provide manual review for complex security patterns.

Security Audit Command

Perform comprehensive security assessment

Instructions

Perform a systematic security audit following these steps:

Environment Setup

Identify the technology stack and framework
Check for existing security tools and configurations
Review deployment and infrastructure setup

Dependency Security

Scan all dependencies for known vulnerabilities
Check for outdated packages with security issues
Review dependency sources and integrity
Use appropriate tools: npm audit, pip check, cargo audit, etc.

Authentication & Authorization

Review authentication mechanisms and implementation
Check for proper session management
Verify authorization controls and access restrictions
Examine password policies and storage

Input Validation & Sanitization

Check all user input validation and sanitization
Look for SQL injection vulnerabilities
Identify potential XSS (Cross-Site Scripting) issues
Review file upload security and validation

Data Protection

Identify sensitive data handling practices
Check encryption implementation for data at rest and in transit
Review data masking and anonymization practices
Verify secure communication protocols (HTTPS, TLS)

Secrets Management

Scan for hardcoded secrets, API keys, and passwords
Check for proper secrets management practices
Review environment variable security
Identify exposed configuration files

Error Handling & Logging

Review error messages for information disclosure
Check logging practices for security events
Verify sensitive data is not logged
Assess error handling robustness

Infrastructure Security

Review containerization security (Docker, etc.)
Check CI/CD pipeline security
Examine cloud configuration and permissions
Assess network security configurations

Security Headers & CORS

Check security headers implementation
Review CORS configuration
Verify CSP (Content Security Policy) settings
Examine cookie security attributes

Reporting

Document all findings with severity levels (Critical, High, Medium, Low)
Provide specific remediation steps for each issue
Include code examples and file references
Create an executive summary with key recommendations

Use automated security scanning tools when available and provide manual review for complex security patterns.