security-auditor
Automated OWASP Top 10 security audits with severity-rated findings and concrete code remediation.
- Audit code against the OWASP Top 10 and CWE security standards.
- Identify injection flaws, broken access control, and cryptographic failures.
- Generate severity-rated vulnerability reports with remediation code.
$9
One-time purchase
Included in download
- Audit code against the OWASP Top 10 and CWE security standards.
- Identify injection flaws, broken access control, and cryptographic failures.
- env_vars automation included
- Includes example output and usage patterns
See it in action
Finding #1 — Raw SQL Injection
Category: OWASP A03 / CWE-89
Severity: Critical
Location: src/db.js:14
Issue: User input concatenated into SQL query.
Impact: Remote database dump.
Remediation: Use db.query('SELECT * FROM users WHERE id = ?', [id]);
Overall Risk: Critical (3 findings)
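The sample finding above names the fix but does not show what the concatenated query actually lets an attacker do. The script below is an added illustration for this page, not the skill's own output and not code from any audited project: it runs the concatenated form of the query beside the bound-parameter form from the remediation against a constructed in-memory SQLite table holding three made-up users, and reports how many rows each form returns for the same input. Python's standard-library sqlite3 is used so the example runs stand-alone; the JS remediation `db.query('... WHERE id = ?', [id])` applies the same bound-parameter idea. Function and table names here are this example's own assumptions.

```python
"""Constructed demonstration of Finding #1 (OWASP A03 / CWE-89): the
concatenated SQL query beside its parameterized remediation.

Added example for this page; not the security-auditor skill's output and
not code from the audited src/db.js. The users table, its rows and the
function names are assumptions made for the demonstration."""

import sqlite3

# Constructed sample data: three fictional users (an assumption, not
# anything taken from the page).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def get_user_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """The pattern the finding flags: untrusted input spliced into the SQL
    text. The input becomes part of the query grammar, so a value such as
    '1 OR 1=1' rewrites the WHERE clause and every row comes back."""
    sql = "SELECT id, name, email FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def get_user_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    """The remediation from the finding: a bound parameter. The engine
    receives the input as a value to compare against, never as SQL, so the
    same payload is compared as a string and matches no row."""
    return conn.execute(
        "SELECT id, name, email FROM users WHERE id = ?", (user_id,)
    ).fetchall()


def demo(payload: str = "1 OR 1=1") -> dict:
    """Run both versions on the same input and return the row counts, so
    the difference is visible without reading query results by hand."""
    conn = make_db()
    return {
        "vulnerable_rows": len(get_user_vulnerable(conn, payload)),
        "parameterized_rows": len(get_user_parameterized(conn, payload)),
    }


if __name__ == "__main__":
    # Expected: {'vulnerable_rows': 3, 'parameterized_rows': 0}
    print(demo())
```

A well-formed id such as "2" returns bob's row from both functions; the difference only appears once the input carries SQL syntax, which is exactly what a concatenated query cannot distinguish from data.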
Also available via Agensi MCP: your AI agent can load this skill on demand via MCP.
About This Skill
Professional Static Security Auditing
The Security Auditor skill turns your AI agent into a rigorous security engineer. It performs systematic static analysis on your codebase or pull requests, targeting the OWASP Top 10 (2021) and the Common Weakness Enumeration (CWE) patterns behind it. Instead of vague "security advice," it produces structured, actionable reports that state where each vulnerability is and how to fix it.
Why use this skill
While general-purpose LLMs can spot simple errors, they often overlook subtler flaws such as IDOR, TOCTOU race conditions, or missing CSRF tokens on state-changing requests. This skill enforces a strict, category-by-category workflow so that no part of the attack surface, from authentication to SSRF, is skipped. It is designed to catch high-impact vulnerabilities before they reach a production environment.
- Systematic Coverage: Checks each of the ten OWASP Top 10 (2021) categories in turn.
- Severity Scoring: Clearly prioritizes fixes from "Critical" (RCE/Data Breach) to "Info."
- Developer-Centric Remediation: Provides concrete code examples for every finding, not generic suggestions.
- Risk Summary: Generates a high-level posture assessment for leads and managers.
Supported Use Cases
Perfect for pre-PR checks, auditing authentication modules, scanning new API endpoints, or reviewing legacy code handling sensitive PII and payment data.
Use Cases
- Audit code against the OWASP Top 10 and CWE security standards.
- Identify injection flaws, broken access control, and cryptographic failures.
- Generate severity-rated vulnerability reports with remediation code.
- Review pull requests for sensitive data exposure and misconfigurations.
- Prioritize security fixes with a summarized risk assessment.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/security-auditor | tar xz -C ~/.claude/skills/
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Note that this command extracts a remotely fetched archive straight into ~/.claude/skills. To review what it will write there before extracting, download the archive first (curl -sL <url> -o security-auditor.tgz) and list its contents with tar tzf security-auditor.tgz.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Early access skill
Security Scanned
Passed automated security review
Similar Skills
code-reviewer
Reviews your code for bugs, security vulnerabilities, logic errors, performance issues, and style violations. Organizes findings by severity and suggests fixes with code examples.

prompt-engineer
Professional prompt engineering patterns for building robust, secure, and production-ready LLM applications.
git-commit-writer
Writes conventional commit messages by analyzing your staged git changes. Detects commit type, scope, and breaking changes automatically.
readme-generator
Generates a complete, polished README.md by scanning your actual project structure, dependencies, and code.