On-demand security and code quality audit. Use when checking for vulnerabilities, security issues, code smells, or compliance problems. Trigger keywords - "audit", "security check", "vulnerability scan", "code quality", "compliance", "security audit".
February 5, 2026
```bash
npx add-skill https://github.com/MadAppGang/claude-code/blob/main/plugins/dev/skills/audit/SKILL.md -a claude-code --skill audit
```

Installation paths:

- `.claude/skills/audit/`

# Audit Skill

## Overview

The audit skill provides comprehensive on-demand security and code quality audits for your codebase. It identifies vulnerabilities, security issues, code smells, outdated dependencies, exposed secrets, and compliance problems across all supported technology stacks.

**When to Use**:

- Security audits and vulnerability scans
- Pre-deployment security checks
- Compliance verification (GDPR, HIPAA, SOC2)
- Code quality assessment
- Dependency vulnerability scanning
- Secret exposure detection
- Third-party license compliance

**Technology Coverage**:

- React/TypeScript/JavaScript projects
- Go applications
- Rust projects
- Python codebases
- Full-stack applications
- Monorepos and microservices

## Audit Categories

### 1. Security Vulnerabilities (OWASP Top 10)

**What Gets Checked**:

- SQL injection vulnerabilities
- Cross-site scripting (XSS)
- Authentication and session management flaws
- Security misconfigurations
- Sensitive data exposure
- XML external entities (XXE)
- Broken access control
- Cross-site request forgery (CSRF)
- Using components with known vulnerabilities
- Insufficient logging and monitoring

**Detection Methods**:

- Static code analysis
- Pattern matching for common vulnerabilities
- Framework-specific security checks
- API endpoint security validation
- Input validation analysis

### 2. Dependency Vulnerabilities

**What Gets Checked**:

- Outdated packages with known CVEs
- Unmaintained dependencies
- License compatibility issues
- Transitive dependency risks
- Version conflicts

**Package Managers Supported**:

- npm/yarn/pnpm (JavaScript/TypeScript)
- go.mod (Go)
- Cargo.toml (Rust)
- requirements.txt/pyproject.toml (Python)
- Gemfile (Ruby)

**Tools Used**:

- `npm audit` / `yarn audit` / `pnpm audit`
- `go mod verify` + vulnerability databases
- `cargo audit`
- `pip-audit` / `safety`

### 3. Exposed Secrets and Credentials

**What Gets Detected**:

- Hardcoded API keys and tokens
- Database credentials
- Private k