Comprehensive security audit of codebase using multiple security-auditor agents. Use before production deployments or after major features.
```bash
npx skill4agent add taylorhuston/local-life-manager security-audit
```

```
/security-audit yourbench # Full security review
/security-audit coordinatr # Audit specific project
```

| Agent | Focus Area | Checks |
|---|---|---|
| Agent 1: Auth & Access | Authentication, Authorization | JWT handling, session management, RBAC, privilege escalation |
| Agent 2: Input & Data | Injection, Validation | SQL injection, XSS, command injection, input sanitization |
| Agent 3: Crypto & Secrets | Cryptography, Secrets | Hardcoded credentials, weak crypto, key management, PII |
| Agent 4: Config & Deploy | Configuration, Infrastructure | CORS, CSRF, security headers, exposed endpoints, debug mode |
| Agent 5: Dependencies | Supply Chain, Libraries | Vulnerable packages, outdated deps, license issues |

| OWASP Risk | Coverage |
|---|---|
| A01 Broken Access Control | Agent 1 |
| A02 Cryptographic Failures | Agent 3 |
| A03 Injection | Agent 2 |
| A04 Insecure Design | Agents 1, 4 |
| A05 Security Misconfiguration | Agent 4 |
| A06 Vulnerable Components | Agent 5 |
| A07 Auth Failures | Agent 1 |
| A08 Data Integrity Failures | Agents 2, 3 |
| A09 Logging Failures | Agent 4 |
| A10 SSRF | Agent 2 |
```bash
ls spaces/[project]/
```

Write: `.claude/temp/security-audit-[project]-[timestamp].md`

```markdown
# Security Audit: [Project Name]
**Date**: YYYY-MM-DD HH:MM:SS
## Executive Summary
- Critical issues: X
- High severity: Y
- Total findings: Z
## Critical Issues
### [Issue Title]
- **Severity**: Critical
- **Category**: SQL Injection (CWE-89)
- **Location**: src/api/users.py:42
- **Description**: [What's wrong]
- **Impact**: [What could happen]
- **Remediation**: [How to fix]
## High Severity Issues
[...]
## Recommendations
- Priority actions
- Long-term improvements
## Scan Coverage
- Files scanned: X
- Technologies: Z
```

`.claude/temp/security-audit-yourbench-2026-01-08-143022.md`

`.claude/temp/`

Implement security feature → /security-audit → Fix issues → /commit
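
A check a team could run between the audit and `/commit` steps, assuming reports follow the template shown on this page. This is an added example, not part of the skill: `parse_report`, `gate` and the sample report are hypothetical names and constructed data.

```python
import re

# Constructed sample in the template's layout; paths and titles are made up.
SAMPLE_REPORT = """\
# Security Audit: example-project
## Executive Summary
- Critical issues: 1
- High severity: 2
- Total findings: 3
## Critical Issues
### Unparameterized query in user lookup
- **Severity**: Critical
- **Category**: SQL Injection (CWE-89)
- **Location**: src/api/users.py:42
## High Severity Issues
### Debug mode enabled
- **Severity**: High
- **Location**: config/settings.py:10
"""

SUMMARY = re.compile(r"^- (Critical issues|High severity|Total findings):\s*(\d+)$")
FIELD = re.compile(r"^- \*\*(\w+)\*\*:\s*(.+)$")

def parse_report(text):
    """Return (summary counts, list of finding dicts) from a report."""
    summary, findings, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("### "):          # one finding per level-3 heading
            current = {"title": line[4:]}
            findings.append(current)
        elif line.startswith("#"):           # any other heading closes it
            current = None
        elif m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return summary, findings

def gate(text):
    """Reasons to stop before /commit; an empty list means the report passes."""
    summary, findings = parse_report(text)
    listed = {}
    for f in findings:
        listed[f.get("severity")] = listed.get(f.get("severity"), 0) + 1
    problems = [f"{f['title']}: no Location" for f in findings if "location" not in f]
    for label, sev in (("Critical issues", "Critical"), ("High severity", "High")):
        if summary.get(label) != listed.get(sev, 0):
            problems.append(f"summary says {summary.get(label)} {sev}, report lists {listed.get(sev, 0)}")
    if listed.get("Critical") or summary.get("Critical issues"):
        problems.append("critical findings present")
    return problems
```

The gate flags a summary whose counts disagree with the findings actually listed, which catches a truncated or inconsistent report before anyone relies on its headline numbers.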