security-audit
by Roy Yuen
Professional security audit skill for web apps and APIs with structured severity-based findings and remediation plans.
- Identify vulnerabilities across app entry points and trust boundaries
- Classify security risks using structured severity-based ratings
- Generate detailed remediation plans for authentication and session flaws
$10
One-time purchase · Own forever
Included in download
- Identify vulnerabilities across app entry points and trust boundaries
- Classify security risks using structured severity-based ratings
- Ready for Claude Code
- Includes example output and usage patterns
See it in action
[HIGH] Auth: Missing CSRF protection on /api/profile. Evidence: user_settings.js L42. Fix: Implement SameSite=Strict cookies and a double-submit token pattern.
[MED] Config: Debug mode enabled in production. Evidence: .env.prod L4. Fix: Set APP_DEBUG=false.
About This Skill
What it does
The Security Audit skill provides a professional-grade framework for reviewing web applications, backend services, and APIs for critical security vulnerabilities. It systematically analyzes entry points, trust boundaries, and data paths to identify risks across authentication, session management, input validation, and infrastructure configuration.
Why use this skill
Unlike generic AI prompts that may provide speculative or vague security advice, this skill follows a structured commercial methodology. It focuses on defensible, high-impact risks rather than noise. It automates the "red-teaming" mindset to find insecure defaults and missing hardening steps that developers often overlook during standard code reviews.
Supported tools
- Claude Code
- Codex
- OpenCode
What the output looks like
You receive a structured security report categorized by severity. Each finding includes a concise risk statement, specific evidence from your codebase, and a concrete, actionable remediation plan to fix the vulnerability immediately.
Key coverage areas
- Authentication and authorization flows
- Input validation and output safety (XSS/SQLi prevention)
- Dependency hygiene and configuration hardening
- API transport security and exposure
Use Cases
- Identify vulnerabilities across app entry points and trust boundaries
- Classify security risks using structured severity-based ratings
- Generate detailed remediation plans for authentication and session flaws
- Audit API endpoints for common input validation and configuration errors
Known Limitations
- Limited to static analysis; cannot perform dynamic runtime fuzzing.
- Cannot detect logic flaws in third-party compiled binaries.
- Effectiveness depends on access to full source context.
How to Install
unzip security-audit.zip -d ~/.claude/skills/
Reviews
No reviews yet — be the first to share your experience.
Security Scanned
Passed automated security review
Permissions
No special permissions declared or detected