بنقرة واحدة
do-security-audit
Run a security audit on one or more projects using parallel agents.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Run a security audit on one or more projects using parallel agents.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | do-security-audit |
| description | Run a security audit on one or more projects using parallel agents. |
| disable-model-invocation | true |
| allowed-tools | ["Read","Glob","Grep","Task","WebFetch"] |
Run a structured security audit on one or more projects. Uses parallel agents to check a standard security checklist, flags dead security code, and assesses the deployment risk profile.
~/.claude/skill-references/subagent-patterns.md — Universal patterns for launching and orchestrating subagents/do-security-audit - Audit the current project/do-security-audit <path> - Audit a specific project/do-security-audit <path1> <path2> - Compare two projects side-by-sideSingle project (default): Use the current working directory or provided path.
Multiple projects: Parse space-separated paths. Enable comparison mode.
Launch parallel Explore subagents — one per project — with this checklist:
WebFetch to check CVE databases or advisory pages when specific versions are identifiedEach agent should report findings per checklist item with severity (Critical / High / Medium / Low / Info).
Flag code that exists but is never called. An implemented-but-unwired rate limiter is worse than no rate limiter — it creates false confidence.
Look for:
Evaluate the deployment context to calibrate severity:
Security choices acceptable in one context (e.g., plaintext tokens in dev) become critical in another (e.g., production with real user data).
When auditing multiple projects, compare findings side-by-side:
Present findings in a structured report:
## Security Audit: <project name(s)>
### Summary
- Critical: N | High: N | Medium: N | Low: N
### Findings
#### [Critical] <title>
- **Location**: <file:line>
- **Description**: ...
- **Recommendation**: ...
...
### Dead Security Code
- <file:line> — <description>
### Risk Profile
- Deployment context: ...
- Sensitive data: ...
- Calibration notes: ...
Capture session learnings and save to skills, guidelines, or reference docs under ~/.claude/.
Orchestrate parallel claude -p sessions — bootstrap, launch, monitor, and converge. Works with any skill that produces manifest.json, item directories, and a runner script.
Create a request (pull request or merge request) or update an existing one following project conventions.
Resolve merge or rebase conflicts between branches.
Assess open PRs with unaddressed review comments and generate a parallel addressing script — produces manifest.json and let-it-rip.sh for address-request-comments execution.
Assess open work items and generate a parallel execution script — produces manifest.json and let-it-rip.sh for implement/clarify execution.