ReddRadar
Agent skill
workflow-security-audit
Comprehensive security assessment and remediation. Use for security reviews, compliance checks, vulnerability assessments.
Install this agent skill to your Project
npx add-skill https://github.com/NickCrew/Claude-Cortex/tree/main/skills/workflow-security-audit
SKILL.md
Security Audit Workflow
Comprehensive security assessment process.
Phase 1: Threat Assessment
Agents: security-auditor
Scope:
- Authentication & authorization
- Data protection
- API security
- Dependency vulnerabilities
- Infrastructure security
Output: Threat model, risk assessment, priority list
Phase 2: Automated Scanning
Agents: security-auditor
Tools to run:
- Dependency check (npm audit, pip-audit, cargo audit)
- Static analysis (semgrep, bandit, etc.)
- Secret scanning (trufflehog, gitleaks)
Output: Vulnerability report with severity ratings
Phase 3: Manual Code Review
Agents: security-auditor
Focus areas:
- Input validation
- Output encoding
- Authentication logic
- Authorization checks
- Cryptography usage
- Session management
Phase 4: Penetration Testing
Agents: security-auditor
Test for:
- SQL injection
- XSS attacks
- CSRF attacks
- Authentication bypass
- Privilege escalation
Phase 5: Remediation Planning
Agents: requirements-analyst
- Create fix tasks from vulnerability report
- Prioritize by severity
- Estimate timeline
- Allocate resources
Phase 6: Fix Implementation
Blocking: Validation required before proceeding
Phase 7: Security Validation
Agents: security-auditor
- Retest all identified vulnerabilities
- Regression checks
- Verify fixes don't introduce new issues
Phase 8: Documentation
Agents: technical-writer
- Security audit report
- Compliance documentation
- Security best practices guide
Phase 9: Compliance Check
Agents: security-auditor
Standards:
- OWASP Top 10
- GDPR (if applicable)
- SOC2 (if applicable)
- HIPAA (if applicable)
Success Criteria
- All critical vulnerabilities fixed
- All high vulnerabilities fixed
- Compliance requirements met
- Security tests pass
Severity Levels
| Level | Response Time | Examples |
|---|---|---|
| Critical | Immediate | RCE, auth bypass, data breach |
| High | 24-48h | SQL injection, privilege escalation |
| Medium | 1 week | XSS, CSRF, information disclosure |
| Low | Next sprint | Best practice violations |
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
NickCrew/Claude-Cortex
claude-consult
Consult Claude specialist agents during implementation for codebase understanding, pattern checking, security review, debugging help, and more. Use this skill whenever you're unsure about conventions, stuck on a failure, or need expert input before writing code. Does not replace the formal review gates in agent-loops — this is for mid-implementation consultation.
NickCrew/Claude-Cortex
doc-quality-review
Assess documentation quality across readability, consistency, audience fit, and prose clarity. Produces a scored review with actionable findings. This skill should be used before releases, during doc reviews, or when documentation feels unclear or inconsistent.
NickCrew/Claude-Cortex
event-driven-architecture
Event-driven architecture patterns with event sourcing, CQRS, and message-driven communication. Use when designing distributed systems, microservices communication, or systems requiring eventual consistency and scalability.
NickCrew/Claude-Cortex
prompt-engineering
Optimize prompts for LLMs and AI systems with structured techniques, evaluation patterns, and synthetic test data generation. Use when building AI features, improving agent performance, or crafting system prompts.
NickCrew/Claude-Cortex
compliance-audit
Regulatory compliance auditing across GDPR, HIPAA, PCI DSS, SOC 2, and ISO frameworks with automated evidence collection and gap analysis. Use when conducting compliance assessments, preparing for certifications, or implementing regulatory controls.
NickCrew/Claude-Cortex
react-performance-optimization
React performance optimization patterns using memoization, code splitting, and efficient rendering strategies. Use when optimizing slow React applications, reducing bundle size, or improving user experience with large datasets.
Didn't find tool you were looking for?