From claude-code-toolkit
Performs security audit of codebase for dependency vulnerabilities, secrets, OWASP Top 10, input validation, auth issues, and misconfigs. Outputs findings report by severity with fixes and references.
Install: `npx claudepluginhub rohitg00/awesome-claude-code-toolkit`
Trigger: Slash command
Command: `/claude-code-toolkit:audit` (security/)
Perform a security audit of the codebase covering common vulnerability categories.

## Steps

### 1. Dependency Vulnerabilities

- Run the package manager's audit: `npm audit`, `pip-audit`, `cargo audit`, `govulncheck ./...`.
- List critical and high severity vulnerabilities.
- For each, determine if the vulnerable code path is actually reachable in this project.
- Recommend specific version upgrades or patches.

### 2. Secrets Scan

- Search for hardcoded secrets, API keys, tokens, and passwords:
  - Patterns: `password\s*=`, `api[_-]?key`, `secret`, `token`, `Bearer `, base64-encoded string...
Remaining items from the command text (the surrounding prose is truncated on this page):

- Dependency audit commands: `npm audit`, `pip-audit`, `cargo audit`, `govulncheck ./...`.
- Secret patterns: `password\s*=`, `api[_-]?key`, `secret`, `token`, `Bearer `, base64-encoded strings.
- Where to look: `.env` files committed to git, config files, source code; `.gitignore` for proper exclusion of sensitive files.
- Code patterns to flag: `eval()`, `innerHTML`.
- Produce a findings report organized by severity (Critical, High, Medium, Low, Info) with:
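The secrets-scan, `.gitignore` and report steps above, carried out as an added example. This is not the toolkit's own code (the command itself is a prompt for Claude, not a script). The regexes are the ones the command lists; the base64 heuristic, the severity policy, the `.gitignore` check, every function name and the sample repository are this example's assumptions:

```python
"""Secrets and dangerous-sink scan with a severity-bucketed report.

Added example; not code from the claude-code-toolkit project. The search
patterns are the ones named in the command text. The base64 heuristic, the
severity mapping, the .gitignore check, the function names and the sample
repository are this example's own assumptions.
"""
import base64
import fnmatch
import re
from dataclasses import dataclass

SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")

# Secret patterns named in the command text (case-insensitive where sensible).
SECRET_PATTERNS = {
    "password assignment": re.compile(r"password\s*=", re.I),
    "api key": re.compile(r"api[_-]?key", re.I),
    "secret": re.compile(r"secret", re.I),
    "token": re.compile(r"token", re.I),
    "bearer header": re.compile(r"Bearer "),
}
# Dangerous sinks named in the command text.
SINK_PATTERNS = {
    "eval()": re.compile(r"\beval\s*\("),
    "innerHTML assignment": re.compile(r"\.innerHTML\s*="),
}
# "base64-encoded strings": a run of 32+ base64 characters. Assumption: also
# require mixed case plus a digit so ordinary identifiers are not flagged.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")


@dataclass(frozen=True)
class Finding:
    severity: str
    path: str
    line: int
    kind: str
    evidence: str


def looks_like_blob(run: str) -> bool:
    return (any(c.isupper() for c in run) and any(c.islower() for c in run)
            and any(c.isdigit() for c in run))


def scan_file(path: str, text: str) -> list[Finding]:
    """Assumed severity policy: a secret in a committed .env file is Critical,
    in source is High, in Markdown prose is Info; blobs and sinks are Medium."""
    name = path.rsplit("/", 1)[-1]
    if name.startswith(".env"):
        secret_sev = "Critical"
    elif name.endswith(".md"):
        secret_sev = "Info"
    else:
        secret_sev = "High"
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                findings.append(Finding(secret_sev, path, lineno, kind, line.strip()))
                break  # one secret finding per line is enough for triage
        for m in BASE64_RUN.finditer(line):
            if looks_like_blob(m.group()):
                findings.append(Finding("Medium", path, lineno, "base64-like blob",
                                        m.group()[:16] + "..."))
        for kind, pat in SINK_PATTERNS.items():
            if pat.search(line):
                findings.append(Finding("Medium", path, lineno, kind, line.strip()))
    return findings


def gitignore_excludes(gitignore_text: str, filename: str) -> bool:
    """True if a non-comment rule matches filename (fnmatch globbing, a
    simplification of git's wildmatch; leading '/' anchors are stripped)."""
    for raw in gitignore_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        if fnmatch.fnmatch(filename, rule.lstrip("/")):
            return True
    return False


def audit(repo: dict[str, str], gitignore_text: str) -> list[Finding]:
    findings = []
    for path, text in repo.items():
        findings.extend(scan_file(path, text))
    env_files = [p for p in repo if p.rsplit("/", 1)[-1].startswith(".env")]
    if env_files and not gitignore_excludes(gitignore_text, ".env"):
        findings.append(Finding("Medium", ".gitignore", 0, "missing exclusion",
                                ".env present in tree but not ignored"))
    return findings


def build_report(findings: list[Finding]) -> str:
    """Findings grouped by severity, most severe first, as Markdown."""
    lines = ["# Security audit findings", ""]
    for sev in SEVERITIES:
        group = [f for f in findings if f.severity == sev]
        if not group:
            continue
        lines.append(f"## {sev} ({len(group)})")
        lines.extend(f"- {f.path}:{f.line} {f.kind}: `{f.evidence}`" for f in group)
        lines.append("")
    return "\n".join(lines)


# Constructed sample repository; every value here is fake.
BLOB = base64.b64encode(b"The quick brown fox jumps over the lazy dog").decode()
SAMPLE_REPO = {
    ".env": "DB_PASSWORD=hunter2\nAPI_KEY=sk_live_fake\n",
    "src/config.py": 'password = "hunter2"\nTIMEOUT = 30\n',
    "src/client.js": (
        'fetch(url, {headers: {Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc"}});\n'
        f'const KEY = "{BLOB}";\n'
        "el.innerHTML = userInput;\n"
        "eval(req.query.expr);\n"
    ),
    "README.md": "Set the token in your shell, never in source.\n",
}
SAMPLE_GITIGNORE = "node_modules/\n__pycache__/\n"

if __name__ == "__main__":
    print(build_report(audit(SAMPLE_REPO, SAMPLE_GITIGNORE)))
```

Running it prints the report with the two `.env` hits under Critical, the hardcoded password and the `Bearer` header under High, the base64 blob, both sinks and the missing `.gitignore` rule under Medium, and the README mention of `token` under Info. That last bucket is the point of the per-finding context check: the pattern matched, but the file is documentation, so it is recorded without being escalated, the same triage the dependency step asks for when it says to confirm the vulnerable path is actually reachable.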