home / skills / ruvnet / ruflo / security-audit

security-audit skill

safe

This skill performs comprehensive security auditing to detect vulnerabilities and enforce secure coding across authentication, APIs, and data handling.

npx playbooks add skill ruvnet/ruflo --skill security-audit

Review the files below or copy the command above to add this skill to your agents.

Files (3)

SKILL.md

3.2 KB

---
name: security-audit
description: >
  Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.
  Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration.
  Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.
---

# Security Audit Skill

## Purpose
Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

## When to Trigger
- authentication implementation
- authorization logic
- payment processing
- user data handling
- API endpoint creation
- file upload handling
- database queries
- external API integration

## When to Skip
- read-only operations on public data
- internal development tooling
- static documentation
- styling changes

## Commands

### Full Security Scan
Run comprehensive security analysis on the codebase

```bash
npx @claude-flow/cli security scan --depth full
```

**Example:**
```bash
npx @claude-flow/cli security scan --depth full --output security-report.json
```

### Input Validation Check
Check for input validation issues

```bash
npx @claude-flow/cli security scan --check input-validation
```

**Example:**
```bash
npx @claude-flow/cli security scan --check input-validation --path ./src/api
```

### Path Traversal Check
Check for path traversal vulnerabilities

```bash
npx @claude-flow/cli security scan --check path-traversal
```

### SQL Injection Check
Check for SQL injection vulnerabilities

```bash
npx @claude-flow/cli security scan --check sql-injection
```

### XSS Check
Check for cross-site scripting vulnerabilities

```bash
npx @claude-flow/cli security scan --check xss
```

### CVE Scan
Scan dependencies for known CVEs

```bash
npx @claude-flow/cli security cve --scan
```

**Example:**
```bash
npx @claude-flow/cli security cve --scan --severity high
```

### Security Audit Report
Generate full security audit report

```bash
npx @claude-flow/cli security audit --report
```

**Example:**
```bash
npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md
```

### Threat Modeling
Run threat modeling analysis

```bash
npx @claude-flow/cli security threats --analyze
```

### Validate Secrets
Check for hardcoded secrets

```bash
npx @claude-flow/cli security validate --check secrets
```


## Scripts

| Script | Path | Description |
|--------|------|-------------|
| `security-scan` | `.agents/scripts/security-scan.sh` | Run full security scan pipeline |
| `cve-remediate` | `.agents/scripts/cve-remediate.sh` | Auto-remediate known CVEs |


## References

| Document | Path | Description |
|----------|------|-------------|
| `Security Checklist` | `docs/security-checklist.md` | Security review checklist |
| `OWASP Guide` | `docs/owasp-top10.md` | OWASP Top 10 mitigation guide |

## Best Practices
1. Check memory for existing patterns before starting
2. Use hierarchical topology for coordination
3. Store successful patterns after completion
4. Document any new learnings

Overview

This skill performs comprehensive security scanning and vulnerability detection across a TypeScript agent platform. It inspects code patterns, dependencies, and runtime entry points to find input validation issues, path traversal, injection flaws, XSS, and known CVEs. It also enforces secure coding patterns and produces audit reports and remediation suggestions.

How this skill works

The scanner analyzes source code, dependency manifests, and common attack surfaces to detect unsafe patterns and misconfigurations. It runs targeted checks (input validation, path traversal, SQL injection, XSS) and dependency CVE scans, and can generate full security audit reports or focused check outputs. Results include findings, severity levels, remediation steps, and optional automated remediation scripts for known CVEs.

When to use it

Implementing or changing authentication or authorization logic
Adding or modifying payment processing or user data handling
Creating new API endpoints or modifying request handlers
Handling file uploads or filesystem access
Writing database queries or integrating external APIs

Best practices

Run a full scan before merging security-sensitive changes (auth, payments, uploads)
Use focused checks (input-validation, sql-injection, xss) during iterative development
Scan dependencies regularly and prioritize high-severity CVE remediation
Treat findings as actionable: include repro, severity, and specific fix suggestions
Store and document successful remediation patterns for future reference

Example use cases

Pre-merge scan for a pull request that adds a new user registration endpoint
Periodic CI job that runs CVE scans and blocks deploys on critical vulnerabilities
Local developer check for input validation and path traversal before testing file upload handlers
Generate a security audit report to satisfy compliance or an internal review
Run threat modeling before releasing a new external API

FAQ

Can I run only specific checks instead of a full scan?

Yes. The skill supports focused checks like input-validation, path-traversal, sql-injection, xss, and CVE scans so you can target specific concerns during development.

How are dependency CVEs reported and remediated?

Dependency scans surface CVEs with severity ratings and suggested upgrades or patches. Automated remediation scripts can apply fixes for known patterns, but always review changes before accepting them.