security-audit


Audit the game for security vulnerabilities: save tampering, cheat vectors, network exploits, data exposure, and input validation gaps. Produces a prioritised security report with remediation guidance. Run before any public release or multiplayer launch.

AI & Automation 21,463 stars 3118 forks Updated 3 weeks ago MIT


Quality Score: 97/100

Stars (20%): 100
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Security Audit

Security is not optional for any shipped game. Even single-player games have save tampering vectors. Multiplayer games have cheat surfaces, data exposure risks, and denial-of-service potential. This skill systematically audits the codebase for the most common game security failures and produces a prioritised remediation plan.

**Run this skill:**

- Before any public release (required for the Polish → Release gate)
- Before enabling any online/multiplayer feature
- After implementing any system that reads from disk or network
- When a security-related bug is reported

**Output:** `production/security/security-audit-[date].md`

---

## Phase 1: Parse Arguments and Scope

**Modes:**

- `full` — all categories (recommended before release)
- `network` — network/multiplayer only
- `save` — save file and serialization only
- `input` — input validation and injection only
- `quick` — high-severity checks only (fastest, for iterative use)
- No argument — run `full`

Read `.claude/docs/technical-preferences.md` to determine:

- Engine and language (affects which patterns to search for)
- Target platforms (affects which attack surfaces apply)
- Whether multiplayer/networking is in scope

---

## Phase 2: Spawn Security Engineer

Spawn `security-engineer` via Task. Pass:

- The audit scope/mode
- Engine and language from technical preferences
- A manifest of all source directories: `src/`, `assets/data/`, any config files

The security-engineer runs the audit across 6 categ...

Details

Author: Donchitos
Repository: Donchitos/Claude-Code-Game-Studios
Created: 4 months ago
Last Updated: 3 weeks ago
Language: Shell
License: MIT
