
security-audit

Audit code and dependencies for security vulnerabilities. Use when reviewing PRs, checking dependencies, preparing for deployment, or when user mentions security, vulnerabilities, or audit.
israel7852/claude-code-mastery · ★ 0 · AI & Automation · score 72
Install: claude install-skill israel7852/claude-code-mastery
# Security Audit Skill

Perform comprehensive security audits on codebases to identify vulnerabilities before they reach production.

## When to Use This Skill

- User mentions "security", "audit", "vulnerability", "CVE"
- Before deployment commands
- During PR reviews
- User asks about dependencies
- Periodic security checks

## Audit Checklist

### 1. Secrets Exposure

**Check for hardcoded secrets:**

```bash
# Search for common secret-bearing identifiers and well-known key prefixes.
# grep does not expand brace patterns ("*.{js,ts}" would only match a file
# literally named that way), so each extension gets its own --include.
# Expect noise: reads such as process.env.API_KEY will show up and need review.
grep -rnE "API_KEY|SECRET|TOKEN|PASSWORD" \
  --include="*.js" --include="*.ts" --include="*.py" \
  --include="*.go" --include="*.rb" --include="*.java" \
  --exclude-dir=.git --exclude-dir=node_modules .
grep -rnE "sk-|pk_|api_|secret_" \
  --include="*.js" --include="*.ts" --include="*.py" \
  --include="*.go" --include="*.rb" --include="*.java" \
  --exclude-dir=.git --exclude-dir=node_modules .
```

**Verify .gitignore:**

```bash
# Ensure sensitive files are ignored
grep -E "\.env|secret|credential|\.pem|\.key" .gitignore
```

**Check git history for leaked secrets:**

```bash
# Pickaxe search with plain git: show the diffs of commits from the last
# 30 days that added or removed the string "API_KEY". Dedicated scanners
# such as truffleHog or git-secrets cover more patterns and the full history.
git log -p --all -S "API_KEY" --since="30 days ago"
```

✅ Pass criteria:

- No hardcoded API keys, tokens, or passwords
- `.env` files in `.gitignore`
- No secrets in git history

### 2. Dependency Vulnerabilities

**Node.js:**

```bash
npm audit
# or
yarn audit
# or
pnpm audit
```

**Python:**

```bash
pip-audit
# or
safety check
```

**Go:**

```bash
govulncheck ./...
```

**Rust:**

```bash
cargo audit
```

✅ Pass criteria:

- No critical vulnerabilities
- No high vulnerabilities left unfixed for more than 30 days after disclosure
- Dependencies updated within the last 90 days

### 3. Input Validation

**Check for:**

- User inputs sanitized before use
- SQL queries use parame
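The following script is an added example, not part of the security-audit skill or the claude-code-mastery repository. It turns checklist item 1 (Secrets Exposure) into reusable shell functions with the file filter the skill intends: grep does not expand `*.{js,ts}` itself, so each extension is a separate `--include`, and the hit pattern is narrowed to assignments of a quoted literal so that environment reads such as `process.env.API_KEY` are not flagged. Assumptions beyond the skill's text: the `AKIA` prefix (AWS access key IDs) is added to the skill's own `sk-`/`pk_` list, vendored directories are skipped, and `.gitignore` entries are checked as literal strings.

```shell
#!/bin/sh
# Added example (not the skill's own code): secrets sweep for checklist item 1.

# Two kinds of hit:
#   1. an assignment of API_KEY/SECRET/TOKEN/PASSWORD (optionally suffixed,
#      e.g. API_KEY_PROD) to a quoted literal of 8+ characters; bare reads
#      such as process.env.API_KEY or os.environ["PASSWORD"] do not match
#   2. a well-known key prefix followed by 16+ key characters
#      (AKIA, the AWS access key ID prefix, is an addition to the skill's list)
SECRET_RE="(API_KEY|SECRET|TOKEN|PASSWORD)[A-Z_]*[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}|(sk-|pk_|AKIA)[A-Za-z0-9_-]{16,}"

# scan_secrets DIR: print file:line:text for every hit.
# Exit status is grep's: 0 when something was found, 1 when clean.
scan_secrets() {
  grep -rnE \
    --include='*.js' --include='*.ts' --include='*.py' --include='*.go' \
    --include='*.rb' --include='*.java' \
    --exclude-dir=.git --exclude-dir=node_modules --exclude-dir=vendor \
    -e "$SECRET_RE" "$1"
}

# check_gitignore DIR: require .gitignore to mention each sensitive pattern
# (literal substring match, an assumption of this example).
# Returns 0 when all are present, 1 when any is missing or the file is absent.
check_gitignore() {
  missing=0
  for pat in '.env' '*.pem' '*.key'; do
    if ! grep -qF -- "$pat" "$1/.gitignore" 2>/dev/null; then
      echo "gitignore missing: $pat"
      missing=1
    fi
  done
  return $missing
}

# audit_secrets DIR: run both checks; 0 = pass, 1 = findings to review.
audit_secrets() {
  status=0
  if scan_secrets "$1"; then
    echo "FAIL: possible hardcoded secrets listed above"
    status=1
  fi
  check_gitignore "$1" || status=1
  return $status
}

# Usage: audit_secrets /path/to/repo
```

`audit_secrets` exits non-zero on any finding, so it can gate a pre-deploy step or a PR check directly; every hit it prints still needs a human look, since the pattern deliberately trades some recall (lowercase names, unquoted values) for a shorter review list.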