ワンクリックでManusで任意のスキルを実行

security-audit

スター1

フォーク2

更新日2026年2月9日 18:15

Run a security audit on the Mycosoft codebase. Use when checking for exposed secrets, validating authentication, auditing API keys, or before releases.

インストール

Codex または Claude でインストールこの Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。

Manusで実行

ソース

MycosoftLabs

MycosoftLabs/mycosoft-mas

GitHub リポジトリを開く Creator のリポジトリを見る

ダウンロード

Manusで実行

Security Audit

Quick Audit Checklist

Security Audit Progress:
- [ ] Step 1: Check for exposed secrets
- [ ] Step 2: Validate API key management
- [ ] Step 3: Check authentication/RBAC
- [ ] Step 4: Scan for vulnerabilities
- [ ] Step 5: Review container security

Step 1: Check for exposed secrets

# Search for hardcoded secrets
rg -i "password|secret|api_key|token|credential" --type py --type ts -g "!*.md" -g "!node_modules" -g "!.git"

# Check for .env files committed
git ls-files | rg "\.env"

# Check for common secret patterns
rg "(sk-|pk-|ghp_|gho_|Bearer )" --type py --type ts

Things to look for:

Hardcoded passwords (especially SSH credentials)
API keys in source code
Tokens in configuration files
.env files in version control

Step 2: Validate API key management

# Check key service endpoints
curl -s http://192.168.0.188:8001/api/security/audit/status

Verify:

API keys are generated securely (not hardcoded)
Keys are stored in environment variables, not code
Key rotation is possible
Unused keys are revoked

Step 3: Check authentication/RBAC

Review mycosoft_mas/security/:

rbac.py - Role-based access control
encryption.py - Data encryption
audit.py - Audit logging

Verify:

All API endpoints require authentication where needed
Role checks are enforced
Audit logs capture security events

Step 4: Scan for vulnerabilities

# Python dependency scan
poetry run safety check
poetry run bandit -r mycosoft_mas/ -ll

# Node.js dependency scan (website repo)
cd /path/to/website
npm audit

Step 5: Review container security

# Check containers run as non-root
docker inspect <container> --format='{{.Config.User}}'

# Check for privileged mode
docker inspect <container> --format='{{.HostConfig.Privileged}}'

Reporting

After audit, create a dated report: docs/SECURITY_AUDIT_MMMDD_YYYY.md

Include:

Findings (critical, warning, info)
Remediation steps
Status of previous findings

このリポジトリの他の Skills

同じリポジトリ

deploy-mindex

MycosoftLabs/mycosoft-mas

Deploy or restart the MINDEX API service on VM 192.168.0.189. Use when updating MINDEX, restarting the database API, or deploying MINDEX changes.

2026-04-151

workflow-orchestration

MycosoftLabs/mycosoft-mas

Execute non-trivial work using plan-first, verify-first, and lessons-fed defaults. Use when running 3+ step tasks, architectural work, or anything that may require re-planning.

2026-03-141

deploy-website-sandbox

MycosoftLabs/mycosoft-mas

Deploy the Mycosoft website to the Sandbox VM (192.168.0.187). Use when the user asks to deploy, push to sandbox, rebuild the website container, or update the live site.

2026-03-061

neuromorphic-integration

MycosoftLabs/mycosoft-mas

Integrate neuromorphic UI into a page. Use when converting Shadcn pages to neuromorphic design or adding neuromorphic styling.

2026-02-191

deploy-mas-service

MycosoftLabs/mycosoft-mas

Deploy or restart the MAS orchestrator service on VM 192.168.0.188. Use when updating the Multi-Agent System, restarting the orchestrator, or deploying MAS changes.

2026-02-121

start-dev-website

MycosoftLabs/mycosoft-mas

Start the Mycosoft website dev server on port 3010. Use when the user wants to run the dev server, start development, or test the website locally.

2026-02-121

name	security-audit
description	Run a security audit on the Mycosoft codebase. Use when checking for exposed secrets, validating authentication, auditing API keys, or before releases.

Security Audit

Quick Audit Checklist

Security Audit Progress:
- [ ] Step 1: Check for exposed secrets
- [ ] Step 2: Validate API key management
- [ ] Step 3: Check authentication/RBAC
- [ ] Step 4: Scan for vulnerabilities
- [ ] Step 5: Review container security

Step 1: Check for exposed secrets

# Search for hardcoded secrets
rg -i "password|secret|api_key|token|credential" --type py --type ts -g "!*.md" -g "!node_modules" -g "!.git"

# Check for .env files committed
git ls-files | rg "\.env"

# Check for common secret patterns
rg "(sk-|pk-|ghp_|gho_|Bearer )" --type py --type ts

Things to look for:

Hardcoded passwords (especially SSH credentials)
API keys in source code
Tokens in configuration files
.env files in version control

Step 2: Validate API key management

# Check key service endpoints
curl -s http://192.168.0.188:8001/api/security/audit/status

Verify:

API keys are generated securely (not hardcoded)
Keys are stored in environment variables, not code
Key rotation is possible
Unused keys are revoked

Step 3: Check authentication/RBAC

Review mycosoft_mas/security/:

rbac.py - Role-based access control
encryption.py - Data encryption
audit.py - Audit logging

Verify:

All API endpoints require authentication where needed
Role checks are enforced
Audit logs capture security events

Step 4: Scan for vulnerabilities

# Python dependency scan
poetry run safety check
poetry run bandit -r mycosoft_mas/ -ll

# Node.js dependency scan (website repo)
cd /path/to/website
npm audit

Step 5: Review container security

# Check containers run as non-root
docker inspect <container> --format='{{.Config.User}}'

# Check for privileged mode
docker inspect <container> --format='{{.HostConfig.Privileged}}'

Reporting

After audit, create a dated report: docs/SECURITY_AUDIT_MMMDD_YYYY.md

Include:

Findings (critical, warning, info)
Remediation steps
Status of previous findings