vcsecurity

Solid

STRIDE + OWASP-based security audit with optional auto-fix. Scans code for vulnerabilities, categorizes by severity, and can iteratively fix findings using vc:autoresearch pattern.

Category: AI & Automation. 852 stars, 197 forks. Updated 1 week ago. License: MIT.


Quality Score: 94/100 (weighted components)

Stars (20%): 98
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# vc:security — Security Audit

Runs a structured STRIDE + OWASP security audit on a given scope. Produces a severity-ranked findings report. With `--fix`, applies fixes iteratively using the vc:autoresearch guard pattern.

## When to Use

- Before a release or major deployment
- After adding auth, payment, or data-handling features
- Periodic security review (monthly/quarterly)
- Compliance check (SOC 2, GDPR, PCI-DSS prep)

## When NOT to Use

- Purely cosmetic changes (CSS, copy edits)
- No user-facing code or data handling involved

---

## Modes

| Mode | Invocation | Behavior |
|------|-----------|----------|
| Audit only | `/vc:security <scope>` | Scan → categorize → report |
| Audit + Fix | `/vc:security <scope> --fix` | Scan → categorize → fix iteratively |
| Bounded fix | `/vc:security <scope> --fix --iterations N` | Limit fix iterations to N |

---

## Audit Methodology

### 1. Scope Resolution

Expand the provided glob or `full` keyword into a file list. Read all in-scope files before analysis.

### 2. STRIDE Analysis

Evaluate each threat category systematically:

- **S**poofing — identity/authentication weaknesses
- **T**ampering — input validation, integrity controls
- **R**epudiation — audit logging gaps
- **I**nformation Disclosure — data leakage, secret exposure
- **D**enial of Service — rate limits, resource exhaustion
- **E**levation of Privilege — broken access control, RBAC gaps

### 3. OWASP Top 10 Check

Map findings to OWASP categories (A01–A10). See `ref...
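The pipeline the Modes table and the Audit Methodology describe (resolve the scope glob or `full`, scan the in-scope files, tag each finding with its STRIDE category and OWASP Top 10 entry, emit a severity-ranked report, and optionally run a bounded `--fix --iterations N` loop), as an added JavaScript example. This is not the skill's or the vibecode-pro-max-kit repository's own code. The regex checks, the OWASP 2021 mappings, the constructed sample source tree, the demo fixers and the loop's stopping rules are all this example's assumptions; in particular the stopping rules are not a description of the vc:autoresearch guard pattern, which the page does not spell out.

```javascript
// Added example, not the vibecode-pro-max-kit project's own code: a minimal
// scan -> categorize -> report pipeline in the shape the skill describes,
// plus a bounded fix loop in the shape of `--fix --iterations N`.
// Sources are an in-memory map { path: contents } so the example runs offline.

const SEVERITY_RANK = { critical: 0, high: 1, medium: 2, low: 3 };

// Line-level triage heuristics (assumed, not the skill's own), each tagged with
// its STRIDE category and the OWASP Top 10 (2021) entry it maps to. They point
// at lines worth reading; the audit itself is the reading.
const CHECKS = [
  { id: 'hardcoded-credential', stride: 'Information Disclosure', owasp: 'A07:2021', severity: 'critical',
    pattern: /(api[_-]?key|secret|password|token)\s*[:=]\s*['"`][^'"`]{8,}['"`]/i },
  { id: 'sql-string-concat', stride: 'Tampering', owasp: 'A03:2021', severity: 'high',
    pattern: /\b(select|insert|update|delete)\b[^;]*['"`]\s*\+\s*\w+/i },
  { id: 'insecure-random', stride: 'Spoofing', owasp: 'A02:2021', severity: 'medium',
    pattern: /Math\.random\s*\(\s*\)/ },
  { id: 'innerhtml-assignment', stride: 'Tampering', owasp: 'A03:2021', severity: 'medium',
    pattern: /\.innerHTML\s*=/ },
];

// Scope resolution: a glob such as "src/**/*.js" (supports * and **) or `full`.
function globToRegExp(glob) {
  let re = glob.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  re = re.replace(/\*\*\//g, '\u0000').replace(/\*\*/g, '\u0001').replace(/\*/g, '[^/]*');
  return new RegExp('^' + re.replace(/\u0000/g, '(?:.*/)?').replace(/\u0001/g, '.*') + '$');
}

function resolveScope(sources, scope) {
  const paths = Object.keys(sources);
  if (scope === 'full') return paths;
  const re = globToRegExp(scope);
  return paths.filter((p) => re.test(p));
}

// Scan -> categorize: findings sorted by severity, then path, then line.
function auditSources(sources, scope = 'full') {
  const findings = [];
  for (const path of resolveScope(sources, scope)) {
    sources[path].split('\n').forEach((line, i) => {
      for (const c of CHECKS) {
        if (c.pattern.test(line)) findings.push({ path, line: i + 1, id: c.id, stride: c.stride,
          owasp: c.owasp, severity: c.severity, snippet: line.trim() });
      }
    });
  }
  return findings.sort((a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity]
    || (a.path < b.path ? -1 : a.path > b.path ? 1 : 0) || a.line - b.line);
}

function formatReport(findings) {
  const rows = findings.map((f) =>
    `[${f.severity.toUpperCase()}] ${f.path}:${f.line} ${f.id} (${f.stride}; ${f.owasp}) ${f.snippet}`);
  return [`${findings.length} finding(s)`, ...rows].join('\n');
}

// Bounded fix loop. applyFix(sources, findings) returns a new sources map.
// Stopping rules (clean scan, iteration cap, or a pass that does not reduce the
// finding count, after which the last known-good state is kept) are assumptions.
function fixIteratively(sources, scope, applyFix, maxIterations = 3) {
  let current = sources, findings = auditSources(current, scope), iterations = 0;
  while (iterations < maxIterations && findings.length > 0) {
    const candidate = applyFix(current, findings);
    const after = auditSources(candidate, scope);
    iterations++;
    if (after.length >= findings.length) break;
    current = candidate;
    findings = after;
  }
  return { sources: current, findings, iterations };
}

// Demo fixers for two finding types; real fixes are reviewed, not regexed.
const DEMO_FIXERS = {
  'insecure-random': (l) => l.replace(/Math\.random\s*\(\s*\)/, "require('crypto').randomUUID()"),
  'hardcoded-credential': (l) => l.replace(/['"`][^'"`]{8,}['"`]/, 'process.env.SECRET_FROM_ENV'),
};
function demoApplyFix(sources, findings) {
  const t = findings.find((f) => DEMO_FIXERS[f.id]);
  if (!t) return sources;
  const lines = sources[t.path].split('\n');
  lines[t.line - 1] = DEMO_FIXERS[t.id](lines[t.line - 1]);
  return { ...sources, [t.path]: lines.join('\n') };
}

// Constructed sample tree, not taken from any real project.
const SAMPLE_SOURCES = {
  'src/config.js': "const API_KEY = 'sk_live_0123456789abcdef';\nconst port = 3000;",
  'src/db.js': "function findUser(db, name) {\n  return db.query('SELECT * FROM users WHERE name = \"' + name + '\"');\n}",
  'src/auth/session.js': 'function newSessionId() { return String(Math.random()); }',
  'web/app.js': "document.getElementById('out').innerHTML = location.hash;",
  'README.md': 'password = "not code, but the scan is text-based"',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(formatReport(auditSources(SAMPLE_SOURCES, 'src/**/*.js')));
  const r = fixIteratively(SAMPLE_SOURCES, 'src/**/*.js', demoApplyFix, 5);
  console.log(`after ${r.iterations} pass(es): ${r.findings.length} finding(s) remain`);
}
```

Run it with node to print the scoped report and the fix-loop result. The README.md hit that appears only under `full` is why scope resolution comes first: a text-level heuristic will flag prose as readily as code, so a report should always state which files were in scope. The loop keeps the last state that reduced the finding count and stops on the first pass that does not, which is the minimum guard any automated fix mode needs so that an unfixable top finding cannot burn the whole iteration budget or regress the tree.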

Details

Author: withkynam
Repository: withkynam/vibecode-pro-max-kit
Created: 2 weeks ago
Last Updated: 1 week ago
Language: JavaScript
License: MIT
