skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
ruvnet/ruflo1.2k installs

security-audit

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement. Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration. Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.

How do I install this agent skill?

npx skills add https://github.com/ruvnet/ruflo --skill security-audit
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill provides a comprehensive security auditing interface using the @claude-flow/cli tool. It enables scans for input validation, path traversal, SQL injection, XSS, and hardcoded secrets, as well as dependency CVE scanning and remediation. No malicious patterns or security risks were identified.

  • Socketpass

    No alerts

  • Snykwarn

    Risk: MEDIUM · No issues

  • Runlayerwarn

    2/3 files flagged

  • ZeroLeakspass

    Score: 93/100 · 2 sections analyzed

What does this agent skill do?

Security Audit Skill

Purpose

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

When to Trigger

  • authentication implementation
  • authorization logic
  • payment processing
  • user data handling
  • API endpoint creation
  • file upload handling
  • database queries
  • external API integration

When to Skip

  • read-only operations on public data
  • internal development tooling
  • static documentation
  • styling changes

Commands

Full Security Scan

Run comprehensive security analysis on the codebase

npx @claude-flow/cli security scan --depth full

Example:

npx @claude-flow/cli security scan --depth full --output security-report.json

Input Validation Check

Check for input validation issues

npx @claude-flow/cli security scan --check input-validation

Example:

npx @claude-flow/cli security scan --check input-validation --path ./src/api

Path Traversal Check

Check for path traversal vulnerabilities

npx @claude-flow/cli security scan --check path-traversal

SQL Injection Check

Check for SQL injection vulnerabilities

npx @claude-flow/cli security scan --check sql-injection

XSS Check

Check for cross-site scripting vulnerabilities

npx @claude-flow/cli security scan --check xss

CVE Scan

Scan dependencies for known CVEs

npx @claude-flow/cli security cve --scan

Example:

npx @claude-flow/cli security cve --scan --severity high

Security Audit Report

Generate full security audit report

npx @claude-flow/cli security audit --report

Example:

npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md

Threat Modeling

Run threat modeling analysis

npx @claude-flow/cli security threats --analyze

Validate Secrets

Check for hardcoded secrets

npx @claude-flow/cli security validate --check secrets

Scripts

ScriptPathDescription
security-scan.agents/scripts/security-scan.shRun full security scan pipeline
cve-remediate.agents/scripts/cve-remediate.shAuto-remediate known CVEs

References

DocumentPathDescription
Security Checklistdocs/security-checklist.mdSecurity review checklist
OWASP Guidedocs/owasp-top10.mdOWASP Top 10 mitigation guide

Best Practices

  1. Check memory for existing patterns before starting
  2. Use hierarchical topology for coordination
  3. Store successful patterns after completion
  4. Document any new learnings

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/ruvnet/ruflo/security-audit">View security-audit on skillZs</a>