メニュー
tools and instructions for performing a security audit and penetration testing on the KMP application.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
| name | security-audit |
| description | tools and instructions for performing a security audit and penetration testing on the KMP application. |
Perform comprehensive security testing of the KMP application using both static code analysis and dynamic terminal-based testing.
http://localhost:8080TestPassword (for all dev users)/workspaces/KMP/app/workspaces/KMP/security-reportsAnalyze the codebase for security vulnerabilities without executing code.
Search for raw SQL queries and unsafe database operations:
# Find raw SQL queries that might be vulnerable
grep -rn "query(" app/src/ --include="*.php"
grep -rn "\$this->connection" app/src/ --include="*.php"
grep -rn "execute(" app/src/ --include="*.php"
# Check for string concatenation in queries
grep -rn "WHERE.*\\\$" app/src/ --include="*.php"
grep -rn "SELECT.*\\\$" app/src/ --include="*.php"
Look for:
Search for unescaped output and unsafe JavaScript:
# Find potentially unescaped PHP output
grep -rn "<?=" app/templates/ --include="*.php" | grep -v " h("
grep -rn "echo \$" app/src/ --include="*.php"
# Check for dangerous JavaScript patterns
grep -rn "innerHTML" app/assets/js/ --include="*.js"
grep -rn "document.write" app/assets/js/ --include="*.js"
grep -rn "eval(" app/assets/js/ --include="*.js"
Look for:
h() helper function# Check authentication configuration
cat app/src/Application.php | grep -A 50 "getAuthenticationService"
# Find session handling
grep -rn "Session" app/src/ --include="*.php"
grep -rn "cookie" app/config/ --include="*.php"
# Check password handling
grep -rn "password" app/src/ --include="*.php"
grep -rn "bcrypt\|hash\|PASSWORD_DEFAULT" app/src/ --include="*.php"
Look for:
# Check policy implementations
find app/src/Policy -name "*.php" -exec cat {} \;
# Find authorization checks in controllers
grep -rn "authorize\|canAccess\|isAuthorized" app/src/Controller/ --include="*.php"
# Check for missing authorization
grep -rn "public function" app/src/Controller/ --include="*.php" | head -50
Look for:
# Find file upload handling
grep -rn "upload\|getClientFilename\|moveTo" app/src/ --include="*.php"
grep -rn "file_put_contents\|move_uploaded_file" app/src/ --include="*.php"
# Check allowed file types
grep -rn "mime\|extension\|ALLOWED" app/src/ --include="*.php"
Look for:
# Find hardcoded credentials or secrets
grep -rn "password\s*=\s*['\"]" app/src/ --include="*.php"
grep -rn "api_key\|secret\|token" app/src/ --include="*.php"
grep -rn "API_KEY\|SECRET" app/config/ --include="*.php"
# Check .env file for sensitive data
cat app/config/.env 2>/dev/null || echo ".env not found"
# Find logging of sensitive data
grep -rn "Log::" app/src/ --include="*.php" | grep -i "password\|token\|secret"
# Find shell command execution
grep -rn "exec(\|shell_exec\|system(\|passthru\|popen\|proc_open" app/src/ --include="*.php"
grep -rn "``" app/src/ --include="*.php"
# Check PHP dependencies
cd /workspaces/KMP/app && composer audit
# Check JavaScript dependencies
cd /workspaces/KMP/app && npm audit 2>/dev/null || echo "No package-lock.json"
Execute runtime tests against the running application.
# Verify application is running
curl -s -o /dev/null -w "%{http_code}" http://localhost:8080
# Create reports directory
mkdir -p /workspaces/KMP/security-reports
Test login functionality for common vulnerabilities:
# Test for user enumeration
curl -s -X POST http://localhost:8080/members/login \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "email=nonexistent@test.com&password=wrong" | grep -i "error\|invalid\|incorrect"
curl -s -X POST http://localhost:8080/members/login \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "email=admin@amp.ansteorra.org&password=wrong" | grep -i "error\|invalid\|incorrect"
# Test for brute force protection (try 5 rapid requests)
for i in {1..5}; do
curl -s -X POST http://localhost:8080/members/login \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "email=admin@amp.ansteorra.org&password=wrong$i" -o /dev/null -w "%{http_code}\n"
done
# Test common SQL injection patterns
curl -s "http://localhost:8080/members/view/1'" | head -20
curl -s "http://localhost:8080/members/view/1%20OR%201=1" | head -20
curl -s "http://localhost:8080/members?search=test'%20OR%20'1'='1" | head -20
# Test reflected XSS
curl -s "http://localhost:8080/members?search=<script>alert(1)</script>" | grep -o "<script>alert(1)</script>"
# Test for proper encoding
curl -s "http://localhost:8080/members?search=%3Cscript%3Ealert(1)%3C/script%3E" | grep -o "<script>"
# Check for CSRF tokens in forms
curl -s http://localhost:8080/members/login | grep -i "csrf\|_token\|_csrfToken"
# Attempt POST without CSRF token (should fail)
curl -s -X POST http://localhost:8080/members/add \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "name=test" -w "%{http_code}"
# Test path traversal
curl -s "http://localhost:8080/../../../etc/passwd" -o /dev/null -w "%{http_code}"
curl -s "http://localhost:8080/..%2F..%2F..%2Fetc%2Fpasswd" -o /dev/null -w "%{http_code}"
# Check for exposed sensitive files
curl -s "http://localhost:8080/.env" -o /dev/null -w "%{http_code}"
curl -s "http://localhost:8080/config/app.php" -o /dev/null -w "%{http_code}"
curl -s "http://localhost:8080/.git/config" -o /dev/null -w "%{http_code}"
# Check response headers
curl -s -I http://localhost:8080 | grep -iE "x-frame-options|x-content-type|x-xss-protection|strict-transport|content-security-policy"
# Login as basic user and try to access admin resources
# First get a session cookie (manual step or use browser automation)
curl -c cookies.txt -X POST http://localhost:8080/members/login \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "email=iris@ampdemo.com&password=TestPassword" -L
# Try to access another user's data
curl -b cookies.txt "http://localhost:8080/members/view/1" -o /dev/null -w "%{http_code}"
curl -b cookies.txt "http://localhost:8080/members/edit/1" -o /dev/null -w "%{http_code}"
# Cleanup
rm -f cookies.txt
Use available security tools for comprehensive scanning.
cd /workspaces/KMP/app
local-php-security-checker 2>/dev/null || echo "local-php-security-checker not installed"
dependency-check --project "KMP" \
--scan "/workspaces/KMP/app" \
--out "/workspaces/KMP/security-reports/dependency-check" \
--format HTML 2>/dev/null || echo "dependency-check not installed"
nikto -h http://localhost:8080 \
-o /workspaces/KMP/security-reports/nikto-report.html \
-Format html 2>/dev/null || echo "nikto not installed"
nuclei -u http://localhost:8080 \
-o /workspaces/KMP/security-reports/nuclei-report.txt \
-silent 2>/dev/null || echo "nuclei not installed"
# Ensure debug mode is off in production config
grep -r "debug" app/config/app.php app/config/app_local.php 2>/dev/null
# Check Security component usage
grep -rn "Security" app/src/Controller/ --include="*.php"
grep -rn "FormProtection" app/src/Controller/ --include="*.php"
# Verify ORM usage (safe) vs raw queries (potentially unsafe)
echo "=== ORM Usage (Safe) ==="
grep -c "->find\|->get\|->save\|->delete" app/src/Model/Table/*.php 2>/dev/null || echo "No Table files found"
echo "=== Raw Queries (Review Needed) ==="
grep -rn "getConnection\|query(" app/src/ --include="*.php"
When reporting findings, use this format:
| Severity | Category | Location | Description | Remediation |
|---|---|---|---|---|
| CRITICAL | SQL Injection | src/Controller/X.php:42 | Raw query with user input | Use parameter binding |
| HIGH | XSS | templates/Members/view.php:15 | Unescaped output | Use h() helper |
| MEDIUM | Auth | src/Application.php | Weak session timeout | Increase session security |
| LOW | Headers | N/A | Missing X-Frame-Options | Add security headers |
http://localhost:8080 respondsSOC 職業分類に基づく
Comprehensive code verification toolkit for the KMP application. Run all quality checks (PHPUnit, Jest, Webpack, PHPCS, PHPStan) and get guidance on writing tests and verifying production readiness.
Badge/notification counts must use identical permissions and be a subset of the list view they link to
Pattern for adding safe conditional logic to user-editable templates without eval()
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas
Manage plan tasks using the beads distributed, git-backed graph issue tracker. Supports creating, updating, closing tasks, managing dependencies, and syncing with git.
Automatically install and manage Agent Skills from GitHub repositories. Use when asked to "install a skill", "add a skill", "find skills", "browse skills", "get skills from GitHub", or when the user needs a specific capability that might exist as a community skill. Supports anthropics/skills, github/awesome-copilot, and custom GitHub repositories.
