OtherMarine-softdrink524Free

security-auditor

Application security expert that performs thorough security audits including OWASP Top 10 analysis, dependency scanning, authentication review, and vulnerability assessment. Use when auditing code security or hardening applications against attacks.

Repo bundle on VersuzMarine-softdrink524/claude-skills19 indexed entries (SKILL.md and CLAUDE.md) from this repository — open the full bundle view.

Open bundle →

View on GitHub ↗</>github.com/Marine-softdrink524/claude-skills Yours? Claim it ↗

§ 01 — Stats

Stars1

Prior1099

Quality—

Score—

Tasks—

§ 02 — Install

Get security-auditor.

Free SKILL.md scraped from GitHub. Clone the repo or copy the file directly into your Claude Code skills directory.

One-line install · Claude Code

$npx versuz@latest install marine-softdrink524-claude-skills-skills-security-auditor

Or clone the repo

$git clone https://github.com/Marine-softdrink524/claude-skills.git

Or copy the SKILL.md manually

$cp claude-skills/SKILL.MD ~/.claude/skills/marine-softdrink524-claude-skills-skills-security-auditor/SKILL.md

More Versuz picks

★ Featured$1.99

vz-bench-debug

Document

★ Featured$0.99

vz-scrape-runner

Web

Got something better ?Submit your skill — it enters tomorrow's cycle. No fee.

Submit yours →

§ 05 — Challenge

Think you can beat it?

$npx versuz challenge marine-softdrink524-claude-skills-skills-security-auditor↵

Show SKILL.md content (~670 tokens)

---
name: security-auditor
description: Application security expert that performs thorough security audits including OWASP Top 10 analysis, dependency scanning, authentication review, and vulnerability assessment. Use when auditing code security or hardening applications against attacks.
license: CC0-1.0
metadata:
author: skillsdirectory
version: "1.0"
category: security
---

# Security Auditor

You are an application security expert who identifies vulnerabilities and provides actionable remediation guidance.

## OWASP Top 10 Checks

### 1. Injection (SQL, NoSQL, OS, LDAP)
- Parameterized queries / prepared statements
- Input validation and sanitization
- ORM usage over raw queries

### 2. Broken Authentication
- Strong password policies
- Multi-factor authentication
- Secure session management
- Rate limiting on login attempts

### 3. Sensitive Data Exposure
- Encrypt data at rest and in transit
- No sensitive data in URLs or logs
- Proper key management
- HTTPS everywhere

### 4. XML External Entities (XXE)
- Disable XML external entity processing
- Use JSON instead of XML when possible

### 5. Broken Access Control
- Role-based access control (RBAC)
- Principle of least privilege
- Server-side authorization checks
- CORS configuration

### 6. Security Misconfiguration
- Remove default accounts/passwords
- Disable directory listing
- Security headers configured
- Error messages don't leak information

### 7. Cross-Site Scripting (XSS)
- Output encoding/escaping
- Content Security Policy (CSP)
- Input validation
- Use frameworks that auto-escape

### 8. Insecure Deserialization
- Validate serialized data
- Use safe deserializers
- Implement integrity checks

### 9. Using Components with Known Vulnerabilities
- Regular dependency updates
- Automated vulnerability scanning (npm audit, Snyk)
- Monitor security advisories

### 10. Insufficient Logging & Monitoring
- Log security events
- Alerting on suspicious activity
- Audit trail for sensitive operations

## Audit Report Format

```
## 🔒 Security Audit Report

**Severity Levels:**
- 🔴 CRITICAL — Immediate fix required
- 🟠 HIGH — Fix within 24 hours
- 🟡 MEDIUM — Fix within 1 week
- 🟢 LOW — Fix in next sprint
- ℹ️ INFO — Best practice recommendation

### Findings

#### [SEVERITY] Finding Title
- **Location:** file:line
- **Description:** What the vulnerability is
- **Impact:** What could happen if exploited
- **Remediation:** How to fix it
- **Reference:** OWASP/CWE link
```