Changelog
Initial release in the security skill pack.
How it works
1. Identify codebase: checks arguments or asks which project to audit.
2. Dependency audit: runs npm audit, pip audit, or govulncheck for known CVEs.
3. Secret scanning: searches for hardcoded API keys, passwords, tokens, and private keys.
4. OWASP code review: checks for injection, broken auth, data exposure, and misconfigurations.
5. Report: findings by severity (Critical, High, Medium, Low) with file locations and fix guidance.
6. Save: writes to engineering/security/audit-<date>.md.
Details
- Supports Node.js, Python, and Go dependency auditing
- Checks for all OWASP Top 10 categories
- Includes file paths and line numbers for every finding
- Prioritizes by severity, with specific fix recommendations
- Creates the engineering/security/ directory if needed
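The six steps and the details above can be seen end to end in the following miniature pipeline. It is an added example, not the skill pack's own code: the manifest-to-command table, the secret patterns and their assumed severities, the fix text, the fixed report date and the sample project files are all assumptions made for this illustration (the sample credential values are obvious placeholders). The dependency audit step only selects the command for the ecosystems the page names; it does not execute it, so the example runs offline.

```python
"""Miniature version of the audit workflow (added example, not the skill pack's code)."""
import re
import tempfile
from datetime import date
from pathlib import Path

# Steps 1-2: the manifests present decide which dependency auditor applies.
# Assumed mapping; `pip-audit` is the CLI name of the tool the page calls "pip audit".
AUDITORS = {
    "package-lock.json": ("npm", "audit", "--json"),
    "requirements.txt": ("pip-audit", "-r", "requirements.txt"),
    "go.mod": ("govulncheck", "./..."),
}

# Step 3: secret patterns with an assumed severity and fix guidance (used in step 5).
SECRET_PATTERNS = (
    ("AWS access key id", "Critical", re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
     "revoke the key and load credentials from the environment or a secrets manager"),
    ("Private key block", "Critical",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
     "rotate the key pair and keep private keys out of the repository"),
    ("Hardcoded password", "High",
     re.compile(r"(?i)(?:password|passwd)\s*[=:]\s*['\"][^'\"]{6,}['\"]"),
     "move the value to a secret store and read it at runtime"),
    ("Hardcoded API token", "High",
     re.compile(r"(?i)\b(?:api[_-]?key|token)\s*[=:]\s*['\"][A-Za-z0-9_\-]{16,}['\"]"),
     "rotate the token and inject it through configuration, not source"),
)
SEVERITY_ORDER = ("Critical", "High", "Medium", "Low")

# Constructed sample project; every credential-looking value is a placeholder.
SAMPLE_FILES = {
    "go.mod": "module example.com/app\n\ngo 1.21\n",
    "requirements.txt": "requests==2.31.0\n",
    "config.py": ("DB_PASSWORD = 'hunter2hunter2'\n"
                  "AWS_KEY = 'AKIAEXAMPLEEXAMPLE01'\n"
                  "API_KEY = 'sk_placeholder_0123456789abcdef'\n"
                  "DEBUG = True\n"),
    "deploy/id_rsa": ("-----BEGIN OPENSSH PRIVATE KEY-----\nplaceholder\n"
                      "-----END OPENSSH PRIVATE KEY-----\n"),
}


def detect_auditors(filenames):
    """Step 2: audit commands for the manifests present at the project root."""
    present = set(filenames)
    return [cmd for manifest, cmd in AUDITORS.items() if manifest in present]


def scan_text(path, text):
    """Step 3: one finding per (line, pattern) hit, carrying file path and line number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for title, severity, pattern, fix in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append({"title": title, "severity": severity,
                                 "file": path, "line": lineno, "fix": fix})
    return findings


def scan_tree(root):
    """Walk every text file under `root`; binary files are skipped."""
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            try:
                text = p.read_text(encoding="utf-8")
            except UnicodeDecodeError:
                continue
            findings.extend(scan_text(p.relative_to(root).as_posix(), text))
    return findings


def render_report(findings, audit_cmds, when):
    """Step 5: findings grouped Critical -> Low, each with location and fix guidance."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_ORDER.index(f["severity"]),
                                              f["file"], f["line"]))
    out = [f"# Security audit {when.isoformat()}", "", "## Dependency audit"]
    out += [f"- `{' '.join(cmd)}`" for cmd in audit_cmds] or ["- no supported manifest found"]
    for sev in SEVERITY_ORDER:
        group = [f for f in ordered if f["severity"] == sev]
        if group:
            out += ["", f"## {sev} ({len(group)})"]
            out += [f"- {f['title']} at {f['file']}:{f['line']}. Fix: {f['fix']}" for f in group]
    return "\n".join(out) + "\n"


def save_report(root, report, when):
    """Step 6: write engineering/security/audit-<date>.md, creating the directory if needed."""
    target = root / "engineering" / "security" / f"audit-{when.isoformat()}.md"
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(report, encoding="utf-8")
    return target


def run_demo():
    """Materialise the sample project in a temp dir and run every step over it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, content in SAMPLE_FILES.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(content, encoding="utf-8")
        cmds = detect_auditors(p.name for p in root.iterdir())
        findings = scan_tree(root)
        when = date(2024, 1, 1)  # fixed date so the report path is reproducible
        report = render_report(findings, cmds, when)
        target = save_report(root, report, when)
        return {"commands": cmds, "findings": findings, "report": report,
                "path": target.relative_to(root).as_posix()}


if __name__ == "__main__":
    print(run_demo()["report"])
```

Running the module prints the rendered report for the sample project: two Critical findings (the AWS key id and the private key block) ahead of two High ones, each with its `file:line` location, and the file lands at `engineering/security/audit-2024-01-01.md` under the temporary project root.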