security-audit | netresearch-skills-bundle | ClaudePluginHub

Skill

Community

security-audit

From netresearch-skills-bundle

8

Description

Agent Skill: Security audit patterns for PHP/OWASP. Use when conducting security assessments, identifying vulnerabilities (XXE, SQL injection, XSS), or CVSS scoring. By Netresearch.

Install

1

Add the repository(one-time)

$

/plugin marketplace add netresearch/claude-code-marketplace

2

Install the plugin

$

/plugin install netresearch-skills-bundle@netresearch-claude-code-marketplace

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

View in Repository

LICENSE

README.md

composer.json

references/cvss-scoring.md

references/owasp-top10.md

references/xxe-prevention.md

scripts/security-audit.sh

Skill Content

Security Audit Skill

Security audits, vulnerability assessment, and secure coding patterns aligned with OWASP.

Expertise Areas

Vulnerabilities: XXE, SQL injection, XSS, CSRF, auth flaws, insecure deserialization
Risk Scoring: CVSS v3.1 methodology
Secure Coding: Input validation, output encoding, cryptography, session management

Reference Files

references/xxe-prevention.md - XXE detection and prevention
references/owasp-top10.md - OWASP Top 10 patterns
references/cvss-scoring.md - CVSS scoring methodology
references/secure-php.md - PHP-specific security patterns
references/secure-config.md - Secure configuration checklists

Quick Patterns

XML parsing (prevent XXE):

$doc->loadXML($input, LIBXML_NONET | LIBXML_NOENT | LIBXML_DTDLOAD);

SQL (prevent injection):

$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);

Output (prevent XSS):

echo htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');

Security Checklist

bcrypt/Argon2 for passwords, CSRF tokens on state changes
All input validated server-side, parameterized SQL
XML external entities disabled, file uploads restricted
Context-appropriate output encoding, CSP configured
TLS 1.2+, secrets not in VCS, audit logging

Verification

./scripts/security-audit.sh /path/to/project

Contributing: https://github.com/netresearch/security-audit-skill

Links

GitHub Stats

0 forks

Updated 2 days ago

Similar Skills

claude-opus-4-5-migration

Migrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5. Use when the user wants to update their codebase, prompts, or API calls to use Opus 4.5. Handles model string updates and prompt adjustments for known Opus 4.5 behavioral differences. Does NOT migrate Haiku 4.5.

claude-opus-4-5-migration

47.1k

frontend-design

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

frontend-design

47.1k

Writing Hookify Rules

This skill should be used when the user asks to "create a hookify rule", "write a hook rule", "configure hookify", "add a hookify rule", or needs guidance on hookify rule syntax and patterns.

47.1k