code-audit
Install: claude install-skill 3stoneBrother/code-audit
# Code Audit Skill
> Professional code security audit skill
> Supported modes: quick / standard / deep
## When to Use This Skill
This skill should be used when:
- User requests **code audit**, **security audit**, or **vulnerability scanning**
- User asks to **check code security** or **find security issues**
- User mentions **/audit** or **/code-audit**
- User wants to **review code for vulnerabilities** before deployment
- User needs **penetration testing preparation** or **security assessment**
**Trigger phrases:**
- "审计这个项目" / "Audit this project"
- "检查代码安全" / "Check code security"
- "找出安全漏洞" / "Find security vulnerabilities"
- "/audit", "/code-audit"
---
## Quick Reference
### Scan Modes
| Mode | Use Case | Scope |
|------|----------|-------|
| **Quick** | CI/CD, small projects | High-risk vulns, secrets, dependency CVEs |
| **Standard** | Regular audits | OWASP Top 10, auth, crypto |
| **Deep** | Critical projects, pentests | Full coverage, attack chains, business logic |
### Core Workflow
```
1. Reconnaissance → Identify tech stack, map attack surface
2. Vulnerability Hunt → Search patterns, trace data flow
3. Verification → Confirm exploitability, filter false positives
4. Docker Verify → [NEW] Dynamic verification in sandbox (optional)
5. Report → Document findings with PoC and fixes
```
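The workflow above, worked through in code as an added example (this is illustration code, not the code-audit skill's own implementation). It runs a quick-mode pass over a small constructed in-memory repository: reconnaissance fingerprints the stack from manifest files, the hunt step greps for hardcoded secrets and high-risk sinks, verification drops test fixtures and placeholder values as false positives, dependencies are inventoried for an external advisory lookup, and the report step returns findings sorted by severity. The rule set, placeholder list, severity labels and sample files are all assumptions made for the example.

```python
"""Quick-mode audit pass: recon -> hunt -> verify -> report.
Example code, not the code-audit skill's implementation."""
import json
import re
from dataclasses import dataclass, asdict

# Constructed sample repository (path -> contents); not real project code.
SAMPLE_REPO = {
    "app/config.py": (
        "DB_PASSWORD = 'hunter2'\n"
        "API_KEY = os.environ.get('API_KEY')\n"
    ),
    "app/views.py": (
        "def run(request):\n"
        "    cmd = request.args['cmd']\n"
        "    subprocess.call(cmd, shell=True)\n"
        "    return eval(request.args.get('expr', '0'))\n"
    ),
    "tests/test_config.py": "DB_PASSWORD = 'placeholder'\n",
    "package.json": '{"dependencies": {"lodash": "4.17.15"}}\n',
    "requirements.txt": "flask==2.0.1\n",
}


@dataclass
class Finding:
    rule: str
    severity: str
    path: str
    line: int
    evidence: str


# Step 1: Reconnaissance. Manifest files are an assumed stack fingerprint.
STACK_HINTS = {"requirements.txt": "python", "package.json": "node",
               "pom.xml": "java", "go.mod": "go"}


def reconnaissance(repo):
    stack = sorted({lang for name, lang in STACK_HINTS.items() if name in repo})
    exts = sorted({p.rsplit(".", 1)[-1] for p in repo if "." in p})
    return {"stack": stack, "extensions": exts}


# Step 2: Vulnerability hunt. Assumed quick-mode rules: name -> (severity, regex).
RULES = {
    "hardcoded-secret": ("HIGH", re.compile(
        r"(?i)(password|secret|api_key|token)\s*=\s*['\"]([^'\"]+)['\"]")),
    "shell-injection": ("CRITICAL", re.compile(
        r"subprocess\.\w+\([^)]*shell\s*=\s*True")),
    "eval-sink": ("HIGH", re.compile(r"\beval\(")),
}


def hunt(repo):
    hits = []
    for path, text in repo.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, (sev, rx) in RULES.items():
                if rx.search(line):
                    hits.append(Finding(rule, sev, path, lineno, line.strip()))
    return hits


# Step 3: Verification. Cheap false-positive filters; the placeholder list is assumed.
PLACEHOLDERS = {"placeholder", "changeme", "example", "xxx", "<redacted>"}


def verify(hits):
    kept = []
    for h in hits:
        if h.path.startswith("tests/"):
            continue  # test fixtures are not reachable in production
        if h.rule == "hardcoded-secret":
            value = RULES["hardcoded-secret"][1].search(h.evidence).group(2)
            if value.lower() in PLACEHOLDERS:
                continue  # dummy value, not a real credential
        kept.append(h)
    return kept


# Dependency inventory for the CVE step: (ecosystem, name, version) tuples to feed
# an advisory lookup (e.g. pip-audit / npm audit). No CVE data is embedded here.
DEP_PARSERS = {
    "requirements.txt": lambda t: [("python", *ln.split("==", 1))
                                   for ln in t.splitlines() if "==" in ln],
    "package.json": lambda t: [("node", n, v) for n, v in
                               json.loads(t).get("dependencies", {}).items()],
}


def dependencies(repo):
    deps = []
    for fname, parse in DEP_PARSERS.items():
        if fname in repo:
            deps.extend(parse(repo[fname]))
    return sorted(deps)


# Step 4: Report. Findings sorted by severity, then location.
SEV_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def report(repo):
    findings = sorted(verify(hunt(repo)),
                      key=lambda f: (SEV_ORDER[f.severity], f.path, f.line))
    return {"recon": reconnaissance(repo),
            "dependencies": dependencies(repo),
            "findings": [asdict(f) for f in findings]}


if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_REPO), indent=2))
```

The verification step is what separates a scan from an audit: of the four raw hits on the sample, one (the test fixture) is dropped before reporting, and the remaining three are ordered so the command-injection sink comes first. The dependency list deliberately stops at an inventory, since whether a version is affected has to come from an advisory database, not from the scanner.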
### Docker Deployment Verification
For deep audits, a Docker sandbox can be used for **dynamic verification** of findings:
```bash
# Generate the verification environment
code-audit --generate-docker-env
# Start the sandbox and run the verification
docker-compose up -d
docker exec -it sandbox python /