Best use case
security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Security audit workflow - vulnerability scan → verification
Teams using security should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How security Compares
| Feature / Agent | security | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Security audit workflow - vulnerability scan → verification
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# /security - Security Audit Workflow
Dedicated security analysis for sensitive code.
## When to Use
- "Security audit"
- "Check for vulnerabilities"
- "Is this secure?"
- "Review authentication code"
- "Check for injection attacks"
- Before handling auth, payments, user data
- After adding security-sensitive features
## Workflow Overview
```
┌─────────┐ ┌───────────┐
│ aegis │───▶│ arbiter │
│ │ │ │
└─────────┘ └───────────┘
Security Verify
audit fixes
```
## Agent Sequence
| # | Agent | Role | Output |
|---|-------|------|--------|
| 1 | **aegis** | Comprehensive security scan | Vulnerability report |
| 2 | **arbiter** | Verify fixes, run security tests | Verification report |
## Why Dedicated Security?
The `/review` workflow focuses on code quality. Security needs:
- Specialized vulnerability patterns
- Dependency scanning
- Secret detection
- OWASP Top 10 checks
- Authentication/authorization review
## Execution
### Phase 1: Security Audit
```
Task(
subagent_type="aegis",
prompt="""
Security audit: [SCOPE]
Scan for:
**Injection Attacks:**
- SQL injection
- Command injection
- XSS (Cross-Site Scripting)
- LDAP injection
**Authentication/Authorization:**
- Broken authentication
- Session management issues
- Privilege escalation
- Insecure direct object references
**Data Protection:**
- Sensitive data exposure
- Hardcoded secrets/credentials
- Insecure cryptography
- Missing encryption
**Configuration:**
- Security misconfigurations
- Default credentials
- Verbose error messages
- Missing security headers
**Dependencies:**
- Known vulnerable packages
- Outdated dependencies
- Supply chain risks
Output: Detailed report with:
- Severity (CRITICAL/HIGH/MEDIUM/LOW)
- Location (file:line)
- Description
- Remediation steps
"""
)
```
### Phase 2: Verification (After Fixes)
```
Task(
subagent_type="arbiter",
prompt="""
Verify security fixes: [SCOPE]
Run:
- Security-focused tests
- Dependency audit (npm audit, pip audit)
- Re-check reported vulnerabilities
- Verify fixes don't introduce regressions
Output: Verification report
"""
)
```
## Security Scopes
### Full Codebase
```
User: /security
→ Scan entire codebase
```
### Specific Area
```
User: /security authentication
→ Focus on auth-related code
```
### Single File
```
User: /security src/api/auth.py
→ Deep dive on one file
```
### Dependencies Only
```
User: /security --deps
→ Only dependency vulnerabilities
```
## Example
```
User: /security the payment processing code
Claude: Starting /security audit for payment code...
Phase 1: Security audit...
[Spawns aegis]
┌─────────────────────────────────────────────────────────────┐
│ Security Audit Report │
├─────────────────────────────────────────────────────────────┤
│ Scope: src/services/payment/ │
│ Files scanned: 12 │
│ Lines analyzed: 2,847 │
├─────────────────────────────────────────────────────────────┤
│ CRITICAL (1) │
│ ────────── │
│ [C1] SQL Injection in payment.py:89 │
│ query = f"SELECT * FROM orders WHERE id = {order_id}" │
│ Fix: Use parameterized queries │
│ │
│ HIGH (2) │
│ ──────── │
│ [H1] Hardcoded API key in stripe_client.py:12 │
│ STRIPE_KEY = "sk_live_..." │
│ Fix: Move to environment variable │
│ │
│ [H2] Missing input validation in refund.py:45 │
│ amount = request.json['amount'] # No validation │
│ Fix: Validate amount is positive number │
│ │
│ MEDIUM (1) │
│ ────────── │
│ [M1] Verbose error messages in error_handler.py:23 │
│ return {"error": str(e)} # Leaks internal details │
│ Fix: Return generic message, log details internally │
│ │
│ LOW (0) │
│ ─────── │
│ None │
├─────────────────────────────────────────────────────────────┤
│ Summary: 1 critical, 2 high, 1 medium, 0 low │
│ Status: BLOCKING - Fix critical issues before release │
└─────────────────────────────────────────────────────────────┘
Fix the critical and high issues, then run:
/security --verify
```
### After Fixes
```
User: /security --verify
Claude: Phase 2: Verifying fixes...
[Spawns arbiter]
✅ C1: SQL injection fixed - using parameterized queries
✅ H1: API key moved to environment variable
✅ H2: Input validation added
✅ M1: Error messages sanitized
All security tests passing.
Security audit: PASSED
```
## OWASP Top 10 Coverage
| Risk | Checked |
|------|---------|
| A01 Broken Access Control | ✅ |
| A02 Cryptographic Failures | ✅ |
| A03 Injection | ✅ |
| A04 Insecure Design | ✅ |
| A05 Security Misconfiguration | ✅ |
| A06 Vulnerable Components | ✅ |
| A07 Auth Failures | ✅ |
| A08 Data Integrity Failures | ✅ |
| A09 Logging Failures | ✅ |
| A10 SSRF | ✅ |
## Flags
- `--deps`: Dependencies only
- `--verify`: Re-run after fixes
- `--owasp`: Explicit OWASP Top 10 report
- `--secrets`: Focus on secret detectionRelated Skills
supply-chain-security
Typosquatting detection, install script analysis, dependency confusion prevention, and phantom dependency detection for npm/pip.
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
django-security
Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
config-security-scan
Scan .claude/ directory for security misconfigurations, exposed secrets, unsafe permissions
concurrency-security
TOCTOU prevention, distributed locking, idempotency keys, race condition detection for Node.js and serverless environments.
workflow-router
Goal-based workflow orchestration - routes tasks to specialist agents based on user goals
wiring
Wiring Verification
websocket-patterns
Connection management, room patterns, reconnection strategies, message buffering, and binary protocol design.
visual-verdict
Screenshot comparison QA for frontend development. Takes a screenshot of the current implementation, scores it across multiple visual dimensions, and returns a structured PASS/REVISE/FAIL verdict with concrete fixes. Use when implementing UI from a design reference or verifying visual correctness.
verification-loop
Comprehensive verification system covering build, types, lint, tests, security, and diff review before a PR.
vector-db-patterns
Embedding strategies, ANN algorithms, hybrid search, RAG chunking strategies, and reranking for semantic search and retrieval.