Skill

security-audit

7-domain security hardening audit — OWASP Top 10 2025, MITRE ATT&CK mapping, NIST CSF 2.0 alignment, secret detection, supply chain audit, container security, DevSecOps pipeline. Grounded in 734 cybersecurity skills.

Install

npx claudepluginhub shaheerkhawaja/productionos --plugin productionos

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Use this as the Codex-first security audit workflow. It is detection-first and evidence-first: find concrete security issues, map them to frameworks, and never cross into exploit behavior.

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

157.6k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

157.6k

Agent Development

6 files

Guides agent creation for Claude Code plugins with file templates, frontmatter specs (name, description, model), triggering examples, system prompts, and best practices.

plugin-dev

83.2k

Stats

Stars6

Forks2

Last CommitApr 14, 2026

Actions

View Source View Plugin View on GitHub View README

security-audit

Overview

Use this as the Codex-first security audit workflow. It is detection-first and evidence-first: find concrete security issues, map them to frameworks, and never cross into exploit behavior.

Source references:

.claude/commands/security-audit.md

agents/security-hardener.md

Inputs

framework: owasp, mitre, nist, or all

scope: full or changed-files

repository path or current checkout

Codex Workflow

Resolve scope and prior audit context.

Audit the codebase across the main security domains:

access control
crypto and secrets handling
injection risk
security misconfiguration
dependency and supply-chain risk
auth/session weaknesses
logging, monitoring, and SSRF-style outbound risk

Map every real finding to a framework category where possible.

Classify severity and explain exploitability and impact.

End with an actionable posture summary, not just a list of grep hits.

Expected Output

findings with severity, evidence, and framework mapping

overall security posture summary

concrete remediations

Guardrails

never attempt live exploitation

never expose secret values in output

every finding must be backed by file and line evidence

security-audit

Overview

Use this as the Codex-first security audit workflow. It is detection-first and evidence-first: find concrete security issues, map them to frameworks, and never cross into exploit behavior.

Source references:

.claude/commands/security-audit.md
agents/security-hardener.md

Inputs

framework: owasp, mitre, nist, or all
scope: full or changed-files
repository path or current checkout

Codex Workflow

Resolve scope and prior audit context.
Audit the codebase across the main security domains:
- access control
- crypto and secrets handling
- injection risk
- security misconfiguration
- dependency and supply-chain risk
- auth/session weaknesses
- logging, monitoring, and SSRF-style outbound risk
Map every real finding to a framework category where possible.
Classify severity and explain exploitability and impact.
End with an actionable posture summary, not just a list of grep hits.

Expected Output

findings with severity, evidence, and framework mapping
overall security posture summary
concrete remediations

Guardrails

never attempt live exploitation
never expose secret values in output
every finding must be backed by file and line evidence