
Security Audit & Compliance Toolkit
A professional-grade toolkit for SAST code reviews, PII scanning, and automated compliance gap analysis.
- Identify OWASP Top 10 vulnerabilities like SQL injection and broken auth.
- Scan repositories for hardcoded secrets, API keys, and private tokens.
- Perform technical gap analysis for GDPR, SOC2, and HIPAA standards.
$12.99 or 65 credits. Secure checkout via Stripe.
Included in download
- Identify OWASP Top 10 vulnerabilities like SQL injection and broken auth.
- Scan repositories for hardcoded secrets, API keys, and private tokens.
- Terminal automation included
- Optimized for Claude Code
- Instant install
Sample input
Perform a security audit on my Node/Express API. I'm worried about OWASP vulnerabilities and hardcoded secrets in my git history. I also need to be GDPR compliant for EU users.
Sample output
Security Audit Results: Node/Express API
Severity: Critical
- Finding: Hardcoded AWS Access Key in config/db.js:14.
- Finding: SQL Injection vulnerability in GET /users/:id via string concatenation.
- GDPR Gap: Missing 'Right to Erasure' endpoint for PII deletion.
Action: Rotate AWS keys immediately and use parameterized queries.
About This Skill
A systematic security pass trained on OWASP Top 10, STRIDE threat modelling, CWE patterns, and compliance frameworks including SOC2, ISO 27001, GDPR and HIPAA. Point it at code, architecture diagrams, or infrastructure configs and it returns a ranked finding list with severity, exploitability, and a remediation playbook. Goes deeper than a linter: reasons about data flow, trust boundaries, and attacker motivations. Used for pre-launch audits, compliance gap assessments, and pre-pentest preparation. Specify your stack and compliance target — it returns a prioritised action list your engineering team can actually work from.
Use Cases
- Identify OWASP Top 10 vulnerabilities like SQL injection and broken auth.
- Scan repositories for hardcoded secrets, API keys, and private tokens.
- Perform technical gap analysis for GDPR, SOC2, and HIPAA standards.
- Audit project dependencies for known vulnerabilities and license risks.
- Verify cloud infrastructure security against least-privilege benchmarks.
Known Limitations
- Cannot execute dynamic penetration tests or live exploits.
- Static analysis may produce false positives.
- Compliance reporting requires manual legal verification.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/security-audit-compliance-toolkit -o /tmp/security-audit-compliance-toolkit.zip && unzip -o /tmp/security-audit-compliance-toolkit.zip -d ~/.claude/skills && rm /tmp/security-audit-compliance-toolkit.zip
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Security Scanned
Passed automated security review
Optimized for Claude Code, Cursor, Windsurf, and related AI coding assistants.
More Premium Skills

PII & Data-Leak Scanner
Scan your schemas, seed data, config, and logs for personal data before it leaks. Detects PII-indicating column and key names (email, ssn, phone, address) across SQL, CSV, and JSON, plus PII in the data itself: email addresses, SSN-like numbers, credit-card-like numbers, phone numbers, and PII written into log files. Each finding is flagged with its location and a GDPR-style review note. Heuristic by design: it surfaces what to review, not a compliance guarantee.
Bounty Security Pattern Master Library — 399 Vulnerability Patterns
A premium library of 399 vulnerability patterns and DeFi attack vectors for AI-driven bug hunting and security audits.
Multi-Agent Orchestration Master Library
Transform Claude Code into a coordinated multi-agent system. Battle-tested tmux orchestration patterns, YAML task queues, event-driven communication, and parallel worker management for 8+ agents.

sast-configuration
Automate the setup and optimization of Semgrep, SonarQube, and CodeQL for high-signal security testing.