velimattiv
User

A thorough, polyglot, multi-phase security audit skill for Claude Code. Discovers attack surfaces across 60+ frameworks, runs a SARIF scanner bundle, executes 9 parallel deep-dive categories, and produces an OWASP-methodology-tagged report.
Indexed Skills (2)
security-audit
Comprehensive polyglot security audit across 60+ frameworks. Runs a SARIF scanner bundle, fans out 11 parallel deep-dive categories (incl. supply-chain and MCP/agentic), and emits an OWASP-methodology-tagged report. Invoke when the user says 'run security audit', 'security audit', 'audit security', or passes args like 'mode: delta' / 'scope: services/api' / 'categories: crypto,mitm,secrets' / 'output: docs/security-audit-output'. Typical run 15-60 min (full) or 2-5 min (delta). MANDATORY ARTIFACT CONTRACT: every run MUST write (1) .claude-audit/current/ as your FIRST tool action via mkdir -p; (2) per-phase phase-NN-*.json AND a phase-NN.done marker for each completed phase 0-7 (8 if mode=full) BEFORE moving to the next phase; (3) findings.sarif (SARIF 2.1.0) where EVERY results[] row carries properties.security-severity (CVSS-style numeric) AND properties.cwe (e.g. 'CWE-798' — required for downstream tooling, lookup in lib/cwe-map.json) AND optionally properties.category (one of: auth, idor, token_scope, mitm
bmad-review-adversarial-general
Perform a Cynical Review and produce a findings report. Use when the user requests a critical review of something.