start-audit
Guided first-run security audit: doctor, scope, threats, scan, verify, report.
14 stars
byallsmog
Best use case
start-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Guided first-run security audit: doctor, scope, threats, scan, verify, report.
Teams using start-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/start-audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/allsmog/vuln-scout/main/vuln-scout/skills/tasks/start-audit/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/start-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How start-audit Compares
| Feature / Agent | start-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Guided first-run security audit: doctor, scope, threats, scan, verify, report.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Start Audit Use this task skill when the user asks to start a security audit, audit this repo, perform a security review of a codebase, or review this codebase for vulnerabilities. ## Workflow 1. Run `python3 vuln-scout/scripts/doctor.py --strict` or ask the user to address missing quick-profile dependencies. 2. Trigger `session-init` and `large-codebase-check` hooks when the target is a repo or monorepo. 3. Run `/vuln-scout:scope` to establish boundaries and write `.claude/audit-plan.md`. 4. Call `app-mapper`, then `/vuln-scout:threats`, then `threat-modeler`. 5. Run `/vuln-scout:scan --profile quick` first; use `deep` only when optional analyzers are installed or requested. 6. Call `code-reviewer` on prioritized findings. 7. Run `/vuln-scout:verify` per finding that needs confirmation. 8. Finish with `/vuln-scout:report --format bundle --output evidence-bundle`. ## Produces - `.claude/audit-plan.md` - `.claude/review-ledger.json` - `.claude/findings.json` - `report.html` - `evidence-bundle/` ## When NOT To Trigger Do not trigger for knowledge-only questions about STRIDE, OWASP, dangerous functions, framework patterns, compliance mapping, exploit techniques, or vulnerability classes. Let those knowledge skills answer directly unless the user asks to audit a target.
Related Skills
We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.