
security-audit

Status: verified

Security review of application code, dependencies, configurations, and architecture. Covers the OWASP Top 10, dependency scanning, secret management, authentication patterns, and API security. Use this skill when reviewing the security of code, auditing dependencies for vulnerabilities, checking configuration security, assessing API endpoints, or answering security concerns about implementations. Triggers on "security", "audit", "vulnerability", "CVE", "OWASP", "injection", "XSS", "CSRF", "authentication security", "authorization flaw".


Marketplace: pokayokay (srstomp/pokayokay)

Plugin: pokayokay (category: productivity)

Repository: srstomp/pokayokay (2 stars)

plugins/pokayokay/skills/security-audit/SKILL.md

Last Verified: January 23, 2026

Install Skill (via the add-skill CLI):

npx add-skill https://github.com/srstomp/pokayokay/blob/main/plugins/pokayokay/skills/security-audit/SKILL.md -a claude-code --skill security-audit

Installation paths:

Claude: .claude/skills/security-audit/

Instructions

# Security Audit

Systematic security review for application code, dependencies, and configuration.

**This skill is NOT a replacement for professional penetration testing or security audits.** It identifies common vulnerabilities and provides remediation guidance within the scope of code review.

## Audit Process

```
┌─────────────────────────────────────────────────────────────┐
│                    SECURITY AUDIT                            │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  1. SCOPE           2. SCAN              3. ANALYZE         │
│  ┌─────────────┐   ┌─────────────┐      ┌─────────────┐    │
│  │ Define area │ → │ Run tools   │  →   │ Review      │    │
│  │ Set depth   │   │ Check deps  │      │ findings    │    │
│  │ Identify    │   │ Grep code   │      │ Classify    │    │
│  │ constraints │   │             │      │ severity    │    │
│  └─────────────┘   └─────────────┘      └─────────────┘    │
│                                                             │
│  4. REMEDIATE       5. DOCUMENT                             │
│  ┌─────────────┐   ┌─────────────┐                         │
│  │ Fix critical│ → │ Report      │                         │
│  │ Create      │   │ Create ohno │                         │
│  │ guidance    │   │ tasks       │                         │
│  └─────────────┘   └─────────────┘                         │
│                                                             │
└─────────────────────────────────────────────────────────────┘
```

## Audit Types

| Type | Focus | When to Use |
|------|-------|-------------|
| Code Review | OWASP Top 10, injection, auth | New features, PRs, suspicious code |
| Dependency | CVEs, outdated packages | Before deploy, periodic, CI/CD |
| Configuration | Secrets, permissions, hardening | Infrastructure changes, new envs |
| Architecture | Attack surface, data flow | Design phase, major refactors |
| A

Validation Details: front matter, required fields, valid name format, valid description, has sections, allowed tools.

Instruction Length: 9819 chars