ワンクリックで
audit-code
Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | audit-code |
| description | Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities |
| disable-model-invocation | true |
| allowed-tools | Read, Glob, Grep, Bash |
| context | fork |
Security-focused code review of project source code. Covers OWASP-style vulnerabilities, hardcoded secrets, dangerous function calls, and patterns relevant to AI-assisted development.
Run the auditor against the target path:
python3 "$SKILL_DIR/scripts/audit_code.py" "$ARGUMENTS"
If $ARGUMENTS is empty, default to $PROJECT_ROOT.
Structured report with severity-ranked findings, file locations, and actionable remediation steps.
The repository's .claude/settings.json includes PreToolUse hooks that warn on
dangerous Bash and Write operations. These hooks are advisory only -- they
produce warnings but do not block execution.
PreToolUse blocking or escalation, hooks must return
hookSpecificOutput.permissionDecision: "deny" or "ask" instead of warning messages