Security Audit Skill
Security audit patterns (OWASP Top 10, CWE Top 25 2025, CVSS v4.0) and GitHub project security checks for any project. Deep automated PHP/TYPO3 code scanning with 80+ checkpoints, 19 reference guides, and PreToolUse warnings.
Compatibility
This is an Agent Skill following the open standard originally developed by Anthropic and released for cross-platform use.
Supported Platforms:
- Claude Code (Anthropic)
- Cursor
- GitHub Copilot
- Other skills-compatible AI agents
Skills are portable packages of procedural knowledge that work across any AI agent supporting the Agent Skills specification.
Features
- Vulnerability Assessment: XXE injection, SQL injection, XSS, CSRF, command injection, path traversal, file upload vulnerabilities, insecure deserialization, SSRF, type juggling, SSTI, JWT flaws, LDAP injection, email header injection, session fixation
- Risk Scoring: CVSS v3.1 and v4.0 scoring methodology, risk matrix assessment, impact and likelihood analysis, prioritization frameworks
- Secure Coding: Input validation, output encoding, cryptographic best practices (sodium), session management, authentication patterns, security headers
- Standards Compliance: OWASP Top 10, CWE Top 25 (2025), OWASP ASVS v4.0, Proactive Controls — applicable to any project
- PHP/TYPO3 Deep Scanning: 80+ automated checkpoints, PHP 8.x security features, framework patterns (TYPO3, Symfony, Laravel)
- DevSecOps: CI/CD security pipeline, SAST, dependency scanning, supply chain security, SLSA
Installation
Marketplace (Recommended)
Add the Netresearch marketplace once, then browse and install skills:
# Claude Code
/plugin marketplace add netresearch/claude-code-marketplace
Install with any Agent Skills-compatible agent:
npx skills add https://github.com/netresearch/security-audit-skill --skill security-audit
Download Release
Download the latest release and extract to your agent's skills directory.
Git Clone
git clone https://github.com/netresearch/security-audit-skill.git
Composer (PHP Projects)
composer require netresearch/security-audit-skill
Requires netresearch/composer-agent-skill-plugin.
npm (Node Projects)
npm install --save-dev \
@netresearch/agent-skill-coordinator \
github:netresearch/security-audit-skill
Requires @netresearch/agent-skill-coordinator, which discovers the skill in node_modules and registers it in AGENTS.md via a postinstall hook. For pnpm, also allowlist the coordinator's postinstall:
{
"pnpm": {
"onlyBuiltDependencies": ["@netresearch/agent-skill-coordinator"]
}
}
Usage
This skill is automatically triggered when:
- Conducting security assessments
- Identifying vulnerabilities (XXE, SQL injection, XSS, CSRF, command injection)
- Scoring security risks with CVSS v3.1 or v4.0
- Implementing secure coding practices
- Auditing PHP applications for security issues
- Reviewing code for OWASP Top 10 vulnerabilities
- Setting up CI/CD security pipelines
Example queries:
- "Audit this code for XXE vulnerabilities"
- "Check for SQL injection risks"
- "Score this vulnerability using CVSS v4.0"
- "Review authentication implementation for security flaws"
- "Implement secure XML parsing"
- "What security headers should this application set?"
Structure
