security-audit
Provides security guidelines for input validation, authentication, authorization, and secure coding practices. Use when implementing auth, handling user input, working with credentials, or conducting security reviews.
allowed_tools: Read, Grep, Glob
$ Install
git clone https://github.com/kcenon/claude-config /tmp/claude-config && cp -r /tmp/claude-config/plugin/skills/security-audit ~/.claude/skills/claude-config
// tip: Run this command in your terminal to install the skill
SKILL.md
name: security-audit
description: Provides security guidelines for input validation, authentication, authorization, and secure coding practices. Use when implementing auth, handling user input, working with credentials, or conducting security reviews.
allowed-tools: Read, Grep, Glob
Security Audit Skill
When to Use
- Implementing authentication/authorization
- Handling user input
- Working with sensitive data (passwords, tokens, keys)
- Security review requests
- Designing API endpoints
Security Checklist
Input Validation
- Validate all user input
- Prevent SQL Injection
- Prevent XSS
- Prevent Command Injection
Authentication
- Secure password hashing
- Session management
- JWT security settings
Authorization
- Permission verification
- Resource access control
Reference
OWASP Top 10 Reference
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
Repository: kcenon/claude-config/plugin/skills/security-audit
Author: kcenon