From aura-frog
Audits project security: dependencies (npm/pip-audit), secrets (gitleaks), SAST (semgrep), OWASP Top 10; generates SECURITY_AUDIT.md, vulnerabilities.json, remediation-plan.md.
Triggered by: slash command `/aura-frog:auditsecurity`
# Command: security:audit

**Purpose:** Comprehensive security audit (dependencies, SAST, secrets, OWASP)
**Agent:** security

---

## Usage

```bash
security:audit                      # Full audit
security:audit /path/to/project     # Specific path
security:audit --quick              # Dependencies + secrets only
security:audit --output report.md   # Custom output
```

---

## Audit Steps

| Step | Action | Tools |
|---|---|---|
| 1. Detect | Identify project type + tech stack | scanner |
| 2. Dependencies | Scan for vulnerable packages | npm audit / pip-audit / composer audit |
| 3. Secrets | Find exposed credentials + API keys | gitleaks / truffleHog |
| 4. SAST | Static code analysis for vulnerabilities | semgrep / eslint-security |
| 5. OWASP | Check Top 10 vulnerabilities | Manual review |
| 6. Report | Generate security report + remediation | security-report.md |

---

## Dependency Scanning

| Stack | Tool |
|---|---|
| Node.js | npm audit + Snyk |
| Python | pip-audit + Safety |
| PHP | Composer audit |
| Go | nancy + govulncheck |

---

## OWASP Top 10 Checks

| ID | Vulnerability |
|---|---|
| A01 | Broken Access Control |
| A02 | Cryptographic Failures |
| A03 | Injection (SQL/XSS/Command) |
| A07 | Authentication Failures |
| A09 | Security Logging Failures |

---

## Output

```
.claude/logs/security/
├── SECURITY_AUDIT.md      # Full report
├── vulnerabilities.json   # Machine-readable
└── remediation-plan.md    # Fix recommendations
```

---

## Severity Levels

| Level | Action | SLA |
|---|---|---|
| Critical | Block deployment + immediate fix | 24h |
| High | Fix before release | 1 week |
| Medium | Schedule fix | 2 weeks |
| Low | Track in backlog | As time permits |
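Steps 2, 3 and 6 of the audit (dependency and secret scanning feeding a report graded by the severity table) can be exercised with a small aggregator. The script below is an added example, not code from the aura-frog plugin: it assumes the `npm audit --json` (auditReportVersion 2) and gitleaks JSON report layouts, uses constructed sample findings, and rates every committed secret as critical, which is this example's own assumption.

```python
# Severity policy taken from the command's severity table: level -> (action, SLA).
SEVERITY_POLICY = {
    "critical": ("Block deployment + immediate fix", "24h"),
    "high": ("Fix before release", "1 week"),
    "medium": ("Schedule fix", "2 weeks"),
    "low": ("Track in backlog", "As time permits"),
}
# npm audit grades on its own scale (info/low/moderate/high/critical); fold it onto the policy.
NPM_TO_LEVEL = {"info": "low", "low": "low", "moderate": "medium", "high": "high", "critical": "critical"}

# Constructed sample in the `npm audit --json` (auditReportVersion 2) layout, not real scan output.
NPM_AUDIT = {"auditReportVersion": 2, "vulnerabilities": {
    "lodash": {"name": "lodash", "severity": "high", "isDirect": True, "range": "<4.17.21", "fixAvailable": True},
    "qs": {"name": "qs", "severity": "moderate", "isDirect": False, "range": "<6.9.7", "fixAvailable": False},
}}
# Constructed sample in the gitleaks JSON report layout. Real reports carry the matched
# secret in "Secret"; the aggregator never reads that field, so it cannot leak into the reports.
GITLEAKS = [{"RuleID": "generic-api-key", "File": "config/prod.env", "StartLine": 3,
             "Secret": "constructed-placeholder-value", "Description": "Generic API Key"}]

def normalize(npm_report, gitleaks_report):
    """Merge both tools' output into one findings list carrying the policy's action and SLA."""
    findings = []
    for pkg in npm_report.get("vulnerabilities", {}).values():
        findings.append({"source": "npm-audit", "id": f"{pkg['name']} {pkg['range']}",
                         "level": NPM_TO_LEVEL.get(pkg["severity"], "low"),
                         "fix": "upgrade available" if pkg.get("fixAvailable") else "no automatic fix; review manually"})
    for leak in gitleaks_report:
        # Assumption of this example: a committed secret is always critical, since it must be rotated.
        findings.append({"source": "gitleaks", "id": f"{leak['RuleID']} in {leak['File']}:{leak['StartLine']}",
                         "level": "critical", "fix": "rotate the credential and purge it from history"})
    for f in findings:
        f["action"], f["sla"] = SEVERITY_POLICY[f["level"]]
    # Highest severity first, so the report and the block decision read top-down.
    return sorted(findings, key=lambda f: list(SEVERITY_POLICY).index(f["level"]))

def deployment_blocked(findings):
    """Any critical finding blocks deployment, as the severity table requires."""
    return any(f["level"] == "critical" for f in findings)

def remediation_plan(findings):
    """Render remediation-plan.md content grouped by level, highest first."""
    lines = ["# Remediation Plan", ""]
    for level, (action, sla) in SEVERITY_POLICY.items():
        items = [f for f in findings if f["level"] == level]
        if items:
            lines.append(f"## {level.title()} ({action}, SLA {sla})")
            lines += [f"- [{f['source']}] {f['id']}: {f['fix']}" for f in items] + [""]
    return "\n".join(lines)
```

`normalize()` returns the rows that would go into vulnerabilities.json and `remediation_plan()` the Markdown for remediation-plan.md; the gitleaks `Secret` field is deliberately never copied, so the generated reports stay safe to commit.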
Install: `npx claudepluginhub nguyenthienthanh/aura-frog --plugin aura-frog`