security-audit
Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement. Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration. Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.
How do I install this agent skill?
npx skills add https://github.com/ruvnet/ruflo --skill security-auditIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill provides a comprehensive security auditing interface using the @claude-flow/cli tool. It enables scans for input validation, path traversal, SQL injection, XSS, and hardcoded secrets, as well as dependency CVE scanning and remediation. No malicious patterns or security risks were identified.
- Socketpass
No alerts
- Snykwarn
Risk: MEDIUM · No issues
- Runlayerwarn
2/3 files flagged
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
Security Audit Skill
Purpose
Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.
When to Trigger
- authentication implementation
- authorization logic
- payment processing
- user data handling
- API endpoint creation
- file upload handling
- database queries
- external API integration
When to Skip
- read-only operations on public data
- internal development tooling
- static documentation
- styling changes
Commands
Full Security Scan
Run comprehensive security analysis on the codebase
npx @claude-flow/cli security scan --depth full
Example:
npx @claude-flow/cli security scan --depth full --output security-report.json
Input Validation Check
Check for input validation issues
npx @claude-flow/cli security scan --check input-validation
Example:
npx @claude-flow/cli security scan --check input-validation --path ./src/api
Path Traversal Check
Check for path traversal vulnerabilities
npx @claude-flow/cli security scan --check path-traversal
SQL Injection Check
Check for SQL injection vulnerabilities
npx @claude-flow/cli security scan --check sql-injection
XSS Check
Check for cross-site scripting vulnerabilities
npx @claude-flow/cli security scan --check xss
CVE Scan
Scan dependencies for known CVEs
npx @claude-flow/cli security cve --scan
Example:
npx @claude-flow/cli security cve --scan --severity high
Security Audit Report
Generate full security audit report
npx @claude-flow/cli security audit --report
Example:
npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md
Threat Modeling
Run threat modeling analysis
npx @claude-flow/cli security threats --analyze
Validate Secrets
Check for hardcoded secrets
npx @claude-flow/cli security validate --check secrets
Scripts
| Script | Path | Description |
|---|---|---|
security-scan | .agents/scripts/security-scan.sh | Run full security scan pipeline |
cve-remediate | .agents/scripts/cve-remediate.sh | Auto-remediate known CVEs |
References
| Document | Path | Description |
|---|---|---|
Security Checklist | docs/security-checklist.md | Security review checklist |
OWASP Guide | docs/owasp-top10.md | OWASP Top 10 mitigation guide |
Best Practices
- Check memory for existing patterns before starting
- Use hierarchical topology for coordination
- Store successful patterns after completion
- Document any new learnings
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/ruvnet/ruflo/security-audit">View security-audit on skillZs</a>