Skill730 estrellas del repoactualizado 25d ago

security-auditor

The security-auditor skill automatically scans code for OWASP Top 10 vulnerabilities and common security weaknesses including SQL injection, cross-site scripting, authentication flaws, and sensitive data exposure. Use it when modifying code files, before deployments, after dependency updates, or whenever security concerns arise to identify exploitable patterns and receive specific remediation guidance.

Ver fuente Repositorio: claude-code-tresor

Instalar en Claude Code

Copiar

git clone --depth 1 https://github.com/alirezarezvani/claude-code-tresor /tmp/security-auditor && cp -r /tmp/security-auditor/skills/security/security-auditor ~/.claude/skills/security-auditor

Después abre una sesión nueva de Claude Code; el skill carga automáticamente.

Definición

SKILL.md

# Security Auditor Skill

Automatic security vulnerability detection.

## When I Activate

- ✅ Code files modified (especially auth, API, database)
- ✅ User mentions security or vulnerabilities
- ✅ Before deployments or commits
- ✅ Dependency changes
- ✅ Configuration file changes

## What I Scan For

### OWASP Top 10 Patterns

**1. SQL Injection**
```javascript
// CRITICAL: SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// SECURE: Parameterized query
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
```

**2. XSS (Cross-Site Scripting)**
```javascript
// CRITICAL: XSS vulnerability
element.innerHTML = userInput;

// SECURE: Use textContent or sanitize
element.textContent = userInput;
// or
element.innerHTML = DOMPurify.sanitize(userInput);
```

**3. Authentication Issues**
```javascript
// CRITICAL: Weak JWT secret
const token = jwt.sign(payload, 'secret123');

// SECURE: Strong secret from environment
const token = jwt.sign(payload, process.env.JWT_SECRET);
```

**4. Sensitive Data Exposure**
```python
# CRITICAL: Exposed password
password = "admin123"

# SECURE: Environment variable
password = os.getenv("DB_PASSWORD")
```

**5. Broken Access Control**
```javascript
// CRITICAL: No authorization check
app.delete('/api/users/:id', (req, res) => {
  User.delete(req.params.id);
});

// SECURE: Authorization check
app.delete('/api/users/:id', auth, checkOwnership, (req, res) => {
  User.delete(req.params.id);
});
```

### Additional Security Checks

- **Insecure Deserialization**
- **Security Misconfiguration**
- **Insufficient Logging**
- **CSRF Protection Missing**
- **CORS Misconfiguration**

## Alert Format

```
🚨 CRITICAL: [Vulnerability type]
📍 Location: file.js:42
🔧 Fix: [Specific remediation]
📖 Reference: [OWASP/CWE link]
```

### Severity Levels

- 🚨 **CRITICAL**: Must fix immediately (exploitable vulnerabilities)
- ⚠️ **HIGH**: Should fix soon (security weaknesses)
- 📋 **MEDIUM**: Consider fixing (potential issues)
- 💡 **LOW**: Best practice improvements

## Real-World Examples

### SQL Injection Detection

```javascript
// You write:
app.get('/users', (req, res) => {
  const sql = `SELECT * FROM users WHERE name = '${req.query.name}'`;
  db.query(sql, (err, results) => res.json(results));
});

// I alert:
🚨 CRITICAL: SQL injection vulnerability (line 2)
📍 File: routes/users.js, Line 2
🔧 Fix: Use parameterized queries
  const sql = 'SELECT * FROM users WHERE name = ?';
  db.query(sql, [req.query.name], ...);
📖 https://owasp.org/www-community/attacks/SQL_Injection
```

### Password Storage

```python
# You write:
def create_user(username, password):
    user = User(username=username, password=password)
    user.save()

# I alert:
🚨 CRITICAL: Storing plain text password (line 2)
📍 File: models.py, Line 2
🔧 Fix: Hash passwords before storing
  from bcrypt import hashpw, gensalt
  hashed = hashpw(password.encode(), gensalt())
  user = User(username=username, password=hashed)
📖 Use bcrypt, scrypt, or argon2 for password hashing
```

### API Key Exposure

```javascript
// You write:
const stripe = require('stripe')('sk_live_abc123...');

// I alert:
🚨 CRITICAL: Hardcoded API key detected (line 1)
📍 File: payment.js, Line 1
🔧 Fix: Use environment variables
  const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
📖 Never commit API keys to version control
```

## Dependency Scanning

I can run security audits on dependencies:

```bash
# Node.js
npm audit

# Python
pip-audit

# Results flagged with severity
```

## Relationship with @code-reviewer Sub-Agent

**Me (Skill):** Quick vulnerability pattern detection
**@code-reviewer (Sub-Agent):** Deep security audit with threat modeling

### Workflow
1. I detect vulnerability pattern
2. I flag: "🚨 SQL injection detected"
3. You want full analysis → Invoke **@code-reviewer** sub-agent
4. Sub-agent provides comprehensive security audit

## Common Vulnerability Patterns

### Authentication
- Weak password policies
- Missing MFA
- Session fixation
- Insecure password storage

### Authorization
- Missing access control
- Privilege escalation
- IDOR (Insecure Direct Object Reference)

### Data Protection
- Unencrypted sensitive data
- Weak encryption algorithms
- Missing HTTPS
- Insecure cookies

### Input Validation
- SQL injection
- Command injection
- XSS
- Path traversal

## Sandboxing Compatibility

**Works without sandboxing:** ✅ Yes
**Works with sandboxing:** ✅ Yes

**Optional: For dependency scanning**
```json
{
  "network": {
    "allowedDomains": [
      "registry.npmjs.org",
      "pypi.org",
      "api.github.com"
    ]
  }
}
```

## Integration with Tools

### With secret-scanner Skill
```
security-auditor: Checks code patterns
secret-scanner: Checks for exposed secrets
Together: Comprehensive security coverage
```

### With /review Command
```bash
/review --scope staged --checks security

# Workflow:
# 1. My automatic security findings
# 2. @code-reviewer sub-agent deep audit
# 3. Comprehensive security report
```

## Customization

Add company-specific security patterns:

```bash
cp -r ~/.claude/skills/security/security-auditor \
      ~/.claude/skills/security/company-security-auditor

# Edit SKILL.md to add:
# - Internal API patterns
# - Company security policies
# - Custom vulnerability checks
```

## Learn More

- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [CWE Top 25](https://cwe.mitre.org/top25/)
- [Security Best Practices](../../standards/security/)

Del mismo repositorio

config-safety-reviewerSubagent

Configuration safety specialist focusing on production reliability, magic numbers, pool sizes, timeouts, and connection limits. Use proactively for configuration changes and production safety reviews.

docs-writerSubagent

Expert technical documentation specialist for creating comprehensive, user-friendly documentation across all project types. Use proactively for API docs, user guides, and technical documentation.

performance-tunerSubagent

Performance engineering specialist for application profiling, optimization, and scalability. Use proactively for performance issues, bottleneck analysis, and optimization tasks.

refactor-expertSubagent

Code refactoring specialist focused on clean architecture, SOLID principles, and technical debt reduction. Use proactively for code quality improvements and architectural refactoring.

root-cause-analyzerSubagent

Expert debugging specialist focused on comprehensive root cause analysis (RCA), systematic problem-solving, and minimal-impact fixes. Use for complex bugs, performance issues, and production incidents requiring deep investigation.

systems-architectSubagent

Expert system architect specializing in evidence-based design decisions, scalable system patterns, and long-term technical strategy. Use proactively for architectural reviews and system design.

test-engineerSubagent

Specialized testing expert for comprehensive test creation, validation, and quality assurance across all testing levels. Use proactively for test generation and coverage analysis.

code-reviewerSkill

Automatic code quality and best practices analysis. Use proactively when files are modified, saved, or committed. Analyzes code style, patterns, potential bugs, and security basics. Triggers on file changes, git diff, code edits, quality mentions.