security-audit
Deep security audit covering OWASP Top 10, authentication, authorization, data protection, dependency vulnerabilities, and secrets scanning. Delegates to the Centinela (QA) agent.
Best use case
security-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using security-audit should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it at `.claude/skills/security-audit/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
SKILL.md Source
# Security Audit
Performs a deep security audit using the Centinela (QA) agent.
## When to Use This Skill
- Before a release to verify security posture
- After significant code changes that touch authentication, authorization, or data handling
- Periodic security review of the codebase
- When adding new dependencies or external integrations
## What This Skill Does
1. Runs the SIGN IN checklist
2. Performs OWASP Top 10 systematic check (A01-A10)
3. Scans for hardcoded secrets, API keys, tokens, and connection strings
4. Audits dependencies for known CVEs
5. Checks smart contracts if Solidity is present (reentrancy, overflow, access control)
6. Runs Security Verification and Quality Verification checklists (TIME OUT)
7. Issues verdict and writes report to `docs/reviews/security-audit-{date}.md`
8. Prepares findings handoff to Dev agent
## How to Use
### Basic Usage
```
/security-audit
```
### Scoped Audit
```
/security-audit src/auth/ src/api/
```
## Example
**User**: `/security-audit src/payments/`
**Output**: A security audit report at `docs/reviews/security-audit-2026-02-23.md` with:
- OWASP Top 10 findings organized by severity
- Secrets scan results
- Dependency vulnerability report
- Verdict: APPROVED or CHANGES REQUIRED
- Fix order recommendation for the Dev agent
## Tips
- If no scope is specified, the entire `src/` directory is audited
- Critical findings trigger the Non-Normal emergency checklist
- The agent will never attempt to fix vulnerabilities — only document them