Smithery Logo
MCPsSkillsDocsPricing
Login
NewFlame, an assistant that learns and improves. Available onTelegramSlack
    ruvnet

    security-audit

    ruvnet/security-audit
    Security
    13,844

    About

    SKILL.md

    Install

    • Telegram
      Telegram
    • Slack
      Slack
    • Claude Code
      Claude Code
    • Codex
      Codex
    • OpenClaw
      OpenClaw
    • Cursor
      Cursor
    • Amp
      Amp
    • GitHub Copilot
      GitHub Copilot
    • Gemini CLI
      Gemini CLI
    • Kilo Code
      Kilo Code
    • Junie
      Junie
    • Replit
      Replit
    • Windsurf
      Windsurf
    • Cline
      Cline
    • Continue
      Continue
    • OpenCode
      OpenCode
    • OpenHands
      OpenHands
    • Roo Code
      Roo Code
    • Augment
      Augment
    • Goose
      Goose
    • Trae
      Trae
    • Zencoder
      Zencoder
    • Antigravity
      Antigravity
    • Download skill
    ├─
    ├─
    └─
    Smithery Logo

    Give agents more agency

    Resources

    DocumentationPrivacy PolicySystem Status

    Company

    PricingAboutBlog

    Connect

    © 2026 Smithery. All rights reserved.

    About

    Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement...

    SKILL.md

    Security Audit Skill

    Purpose

    Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

    When to Trigger

    • authentication implementation
    • authorization logic
    • payment processing
    • user data handling
    • API endpoint creation
    • file upload handling
    • database queries
    • external API integration

    When to Skip

    • read-only operations on public data
    • internal development tooling
    • static documentation
    • styling changes

    Commands

    Full Security Scan

    Run comprehensive security analysis on the codebase

    npx @claude-flow/cli security scan --depth full
    

    Example:

    npx @claude-flow/cli security scan --depth full --output security-report.json
    

    Input Validation Check

    Check for input validation issues

    npx @claude-flow/cli security scan --check input-validation
    

    Example:

    npx @claude-flow/cli security scan --check input-validation --path ./src/api
    

    Path Traversal Check

    Check for path traversal vulnerabilities

    npx @claude-flow/cli security scan --check path-traversal
    

    SQL Injection Check

    Check for SQL injection vulnerabilities

    npx @claude-flow/cli security scan --check sql-injection
    

    XSS Check

    Check for cross-site scripting vulnerabilities

    npx @claude-flow/cli security scan --check xss
    

    CVE Scan

    Scan dependencies for known CVEs

    npx @claude-flow/cli security cve --scan
    

    Example:

    npx @claude-flow/cli security cve --scan --severity high
    

    Security Audit Report

    Generate full security audit report

    npx @claude-flow/cli security audit --report
    

    Example:

    npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md
    

    Threat Modeling

    Run threat modeling analysis

    npx @claude-flow/cli security threats --analyze
    

    Validate Secrets

    Check for hardcoded secrets

    npx @claude-flow/cli security validate --check secrets
    

    Scripts

    Script Path Description
    security-scan .agents/scripts/security-scan.sh Run full security scan pipeline
    cve-remediate .agents/scripts/cve-remediate.sh Auto-remediate known CVEs

    References

    Document Path Description
    Security Checklist docs/security-checklist.md Security review checklist
    OWASP Guide docs/owasp-top10.md OWASP Top 10 mitigation guide

    Best Practices

    1. Check memory for existing patterns before starting
    2. Use hierarchical topology for coordination
    3. Store successful patterns after completion
    4. Document any new learnings
    Recommended Servers
    Guard Mail
    Guard Mail
    Agent Safe Message MCP
    Agent Safe Message MCP
    OpenZeppelin
    OpenZeppelin
    Repository
    ruvnet/claude-flow
    Files