KS
Killer-Skills

security-audit

v1.0.0

About this Skill

security-audit is a skill that provides a checklist for identifying security vulnerabilities in code, based on the OWASP Top 10 security risks.

Features

Checks that SQL queries use parameterized statements to prevent injection
Verifies that passwords are hashed with bcrypt/argon2
Checks for protection against sensitive data exposure: encryption at rest and TLS in transit
Verifies that session tokens are generated as secure random values
Checks that multi-factor authentication is available for sensitive operations

duhenri9
Updated: 3/7/2026

Installation

> npx killer-skills add duhenri9/wm3_digital/security-audit

Agent Capability Analysis

The security-audit MCP Server by duhenri9 is an open-source community integration for Claude and other AI agents, enabling task automation and capability expansion.

Ideal Agent Persona

Ideal for Code Review Agents needing to identify security vulnerabilities based on OWASP guidelines

Core Value

Empowers agents to perform comprehensive security audits against OWASP Top 10 checklist items such as Injection, Broken Authentication, and Sensitive Data Exposure, including checks for TLS in transit and encryption at rest.

Capabilities Granted for security-audit MCP Server

Auditing code for SQL injection vulnerabilities
Validating password hashing with bcrypt/argon2
Identifying sensitive data exposure risks

Prerequisites & Limits

  • Requires access to codebase for review
  • Limited to OWASP Top 10 checklist items

SKILL.md

Security Audit

When to Use

Use this skill when reviewing code for security or performing security audits.

OWASP Top 10 Checklist

1. Injection

  • SQL queries use parameterized statements
  • OS commands avoid user input
  • LDAP queries are sanitized

2. Broken Authentication

  • Passwords hashed with bcrypt/argon2
  • Session tokens are secure random
  • MFA available for sensitive operations

3. Sensitive Data Exposure

  • Data encrypted at rest
  • TLS for data in transit
  • Secrets not in code/logs

4. XML External Entities (XXE)

  • XML parsing disables external entities
  • JSON preferred over XML

5. Broken Access Control

  • Authorization checked on every request
  • Direct object references validated
  • CORS configured correctly

6. Security Misconfiguration

  • Debug mode disabled in production
  • Default credentials changed
  • Security headers set

7. Cross-Site Scripting (XSS)

  • Output encoding applied
  • Content Security Policy set
  • Input validation present

8. Insecure Deserialization

  • User input not deserialized directly
  • Integrity checks on serialized data

9. Using Components with Known Vulnerabilities

  • Dependencies up to date
  • Vulnerability scanning in CI
  • SBOM maintained

10. Insufficient Logging & Monitoring

  • Security events logged
  • Logs don't contain sensitive data
  • Alerting configured

Report Format

```markdown
## Security Audit: [Component]

### Scope
[What was reviewed]

### Findings
| ID | Severity | Issue | Remediation |
|----|----------|-------|-------------|
| S1 | Critical | [Issue] | [Fix] |

### Recommendations
1. [Priority recommendation]
2. [Secondary recommendation]
```
