security-audit | pokayokay | ClaudePluginHub

Skill

Community

security-audit

2

Description

Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.

AI Summary

Analyzes code, dependencies, and configurations for security vulnerabilities like OWASP Top 10 risks and CVEs.

Install

1

Add the repository(one-time)

$

/plugin marketplace add srstomp/pokayokay

2

Install the plugin

$

/plugin install pokayokay@pokayokay

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

View in Repository

references/api-security.md

references/auth-patterns.md

references/dependency-security.md

references/owasp-top-10.md

references/secrets-management.md

Skill Content

Security Audit

Systematic security review for application code, dependencies, and configuration.

Not a replacement for professional penetration testing. Identifies common vulnerabilities within scope of code review.

Audit Types

Type	Focus	When to Use
Code Review	OWASP Top 10, injection, auth	New features, PRs, suspicious code
Dependency	CVEs, outdated packages	Before deploy, periodic, CI/CD
Configuration	Secrets, permissions, hardening	Infrastructure changes, new envs
Architecture	Attack surface, data flow	Design phase, major refactors
API Security	Auth, authz, rate limiting	New endpoints, public APIs

When NOT to Use

Designing new auth flows — Use api-design for designing OAuth2/JWT endpoints from scratch
Performance issues — Use performance-optimization even if caused by auth overhead
CI/CD pipeline security — Use ci-cd for pipeline hardening (secret management, permissions)

Key Principles

Scope first — Define audit area, depth, and constraints before scanning
Classify severity — Critical (24-48h), High (1 week), Medium (2-4 weeks), Low (backlog)
Remediate or track — Fix critical issues immediately, create ohno tasks for the rest
No secrets in code — Scan for hardcoded credentials, API keys, connection strings

Quick Start Checklist

Define audit scope and type (code, dependency, config, architecture, API)
Run automated scans (npm audit, grep patterns, secret detection)
Review findings and classify severity using decision tree in references
Remediate critical/high findings immediately
Create ohno tasks for medium/low findings with appropriate priority
Document findings in audit report

References

Reference	Description
owasp-top-10.md	OWASP vulnerabilities with detection and fixes
dependency-security.md	npm audit, pip-audit, Snyk, CI/CD integration
auth-patterns.md	Secure authentication and authorization patterns
api-security.md	API-specific security concerns
secrets-management.md	Handling sensitive configuration

Links

GitHub Stats

0 forks

Updated 28 days ago

Actions

Similar Skills

Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.

149.6k

Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.

149.6k

algorithmic-art

Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.

anthropic-skills

84.5k