ReddRadar
Agent skill
security-audit
Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.
Install this agent skill to your Project
npx add-skill https://github.com/nicepkg/auto-company/tree/main/.claude/skills/security-audit
SKILL.md
Security Audit
Systematic security review for application code, dependencies, and configuration.
Not a replacement for professional penetration testing. Identifies common vulnerabilities within scope of code review.
Audit Types
| Type | Focus | When to Use |
|---|---|---|
| Code Review | OWASP Top 10, injection, auth | New features, PRs, suspicious code |
| Dependency | CVEs, outdated packages | Before deploy, periodic, CI/CD |
| Configuration | Secrets, permissions, hardening | Infrastructure changes, new envs |
| Architecture | Attack surface, data flow | Design phase, major refactors |
| API Security | Auth, authz, rate limiting | New endpoints, public APIs |
When NOT to Use
- Designing new auth flows — Use
api-designfor designing OAuth2/JWT endpoints from scratch - Performance issues — Use
performance-optimizationeven if caused by auth overhead - CI/CD pipeline security — Use
ci-cdfor pipeline hardening (secret management, permissions)
Key Principles
- Scope first — Define audit area, depth, and constraints before scanning
- Classify severity — Critical (24-48h), High (1 week), Medium (2-4 weeks), Low (backlog)
- Remediate or track — Fix critical issues immediately, create ohno tasks for the rest
- No secrets in code — Scan for hardcoded credentials, API keys, connection strings
Quick Start Checklist
- Define audit scope and type (code, dependency, config, architecture, API)
- Run automated scans (npm audit, grep patterns, secret detection)
- Review findings and classify severity using decision tree in references
- Remediate critical/high findings immediately
- Create ohno tasks for medium/low findings with appropriate priority
- Document findings in audit report
References
| Reference | Description |
|---|---|
| owasp-top-10.md | OWASP vulnerabilities with detection and fixes |
| dependency-security.md | npm audit, pip-audit, Snyk, CI/CD integration |
| auth-patterns.md | Secure authentication and authorization patterns |
| api-security.md | API-specific security concerns |
| secrets-management.md | Handling sensitive configuration |
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
nicepkg/auto-company
micro-saas-launcher
Expert in launching small, focused SaaS products fast - the indie hacker approach to building profitable software. Covers idea validation, MVP development, pricing, launch strategies, and growing to sustainable revenue. Ship in weeks, not months. Use when: micro saas, indie hacker, small saas, side project, saas mvp.
nicepkg/auto-company
seo-audit
When the user wants to audit, review, or diagnose SEO issues on their site. Also use when the user mentions "SEO audit," "technical SEO," "why am I not ranking," "SEO issues," "on-page SEO," "meta tags review," or "SEO health check." For building pages at scale to target keywords, see programmatic-seo. For adding structured data, see schema-markup.
nicepkg/auto-company
deep-analysis
Analytical thinking patterns for comprehensive evaluation, code audits, security analysis, and performance reviews. Provides structured templates for thorough investigation with extended thinking support.
nicepkg/auto-company
ux-audit-rethink
Comprehensive UX audit using IxDF's 7 factors, 5 usability characteristics, and 5 interaction dimensions. Holistic evaluation with redesign proposals based on user-centered design principles.
nicepkg/auto-company
startup-financial-modeling
This skill should be used when the user asks to "create financial projections", "build a financial model", "forecast revenue", "calculate burn rate", "estimate runway", "model cash flow", or requests 3-5 year financial planning for a startup.
nicepkg/auto-company
ph-community-outreach
Engage Reddit, Indie Hackers, Hacker News and other communities for Product Hunt launches. Use this skill to identify relevant communities, craft appropriate posts, and drive cross-platform engagement without appearing spammy.
Didn't find tool you were looking for?