Skill

security-audit

General-purpose security auditing guide. Covers OWASP Top 10, dependency vulnerabilities, authentication, authorization, input validation, and secret management. Use this when performing a security review or audit.

Install

npx claudepluginhub s-hiraoku/synapse-a2a --plugin synapse-a2a

Tool Access

This skill uses the workspace's default tool permissions.

Preview

This skill provides a comprehensive framework for security auditing, ensuring that common vulnerabilities are identified and addressed during development and review.

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.2k

mcp-builder

9 files

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

anthropics-skills-13

124.2k

canvas-design

20 files

Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.

anthropics-skills-13

124.2k

Stats

Parent Repo Stars2

Parent Repo Forks0

Last CommitFeb 11, 2026

Used By3 plugins

Actions

View Source View Plugin View on GitHub View README

Security Audit Skill

This skill provides a comprehensive framework for security auditing, ensuring that common vulnerabilities are identified and addressed during development and review.

Audit Checklist

1. OWASP Top 10 & Common Vulnerabilities

Injection: Check for SQL, Command, or NoSQL injection points. Ensure parameterized queries or proper escaping is used.

Broken Access Control: Verify that users cannot access resources outside of their intended permissions.

Insecure Design: Evaluate the overall architecture for security flaws.

Cryptographic Failures: Ensure sensitive data (passwords, PII) is encrypted at rest and in transit using modern algorithms (e.g., AES-256, TLS 1.3).

2. Dependency Management

Vulnerability Scanning: Check for known vulnerabilities in third-party libraries (e.g., using npm audit, pip-audit, or snyk).

Outdated Packages: Identify and update significantly outdated dependencies.

3. Authentication & Authorization

Credential Management: Ensure passwords are never stored in plain text (use Argon2, bcrypt, or scrypt).

Session Management: Verify secure session handling (HttpOnly, Secure, SameSite flags for cookies).

MFA/2FA: Check for the implementation or requirement of multi-factor authentication where appropriate.

4. Input Validation & Data Handling

Sanitization: Validate and sanitize all user-supplied data at the trust boundary.

Encoding: Ensure output encoding is used to prevent Cross-Site Scripting (XSS).

Secret Management: Confirm that API keys, secrets, and credentials are NOT committed to the repository (use environment variables or secret managers).

Usage Guidelines

When asked to "audit" or "perform a security review":

Systematically go through each category above.

For each finding, categorize it by severity (Critical, High, Medium, Low).

Provide clear remediation steps for every identified issue.

Document any positive security practices already in place.

Security Audit Skill

This skill provides a comprehensive framework for security auditing, ensuring that common vulnerabilities are identified and addressed during development and review.

Audit Checklist

1. OWASP Top 10 & Common Vulnerabilities

Injection: Check for SQL, Command, or NoSQL injection points. Ensure parameterized queries or proper escaping is used.
Broken Access Control: Verify that users cannot access resources outside of their intended permissions.
Insecure Design: Evaluate the overall architecture for security flaws.
Cryptographic Failures: Ensure sensitive data (passwords, PII) is encrypted at rest and in transit using modern algorithms (e.g., AES-256, TLS 1.3).

2. Dependency Management

Vulnerability Scanning: Check for known vulnerabilities in third-party libraries (e.g., using npm audit, pip-audit, or snyk).
Outdated Packages: Identify and update significantly outdated dependencies.

3. Authentication & Authorization

Credential Management: Ensure passwords are never stored in plain text (use Argon2, bcrypt, or scrypt).
Session Management: Verify secure session handling (HttpOnly, Secure, SameSite flags for cookies).
MFA/2FA: Check for the implementation or requirement of multi-factor authentication where appropriate.

4. Input Validation & Data Handling

Sanitization: Validate and sanitize all user-supplied data at the trust boundary.
Encoding: Ensure output encoding is used to prevent Cross-Site Scripting (XSS).
Secret Management: Confirm that API keys, secrets, and credentials are NOT committed to the repository (use environment variables or secret managers).

Usage Guidelines

When asked to "audit" or "perform a security review":

Systematically go through each category above.
For each finding, categorize it by severity (Critical, High, Medium, Low).
Provide clear remediation steps for every identified issue.
Document any positive security practices already in place.