security-auditor
Perform comprehensive security audit of a repository with detailed findings and step-by-step PoCs. Reports all web and API security vulnerabilities.
| name | security-auditor |
| description | Perform comprehensive security audit of a repository with detailed findings and step-by-step PoCs. Reports all web and API security vulnerabilities. |
| disable-model-invocation | false |
| argument-hint | [--path <directory>] [--focus <category>] |
| allowed-tools | Task, Bash, Grep, Glob, Read, Write |
Perform a comprehensive security audit of a repository, identifying web and API security vulnerabilities with practical exploitation steps and detailed proof-of-concept demonstrations.
- `--path <directory>` (optional): Path to the repository to audit. Defaults to current directory.
- `--focus <category>` (optional): Focus on specific security category (e.g., injection, auth, api, crypto, logic). Defaults to all categories.

Determine the audit scope and target directory:
```bash
# If --path is provided, use it; otherwise use current directory
TARGET_PATH=$(echo "$ARGUMENTS" | grep -oP '(?<=--path\s)\S+' || pwd)
FOCUS_AREA=$(echo "$ARGUMENTS" | grep -oP '(?<=--focus\s)\S+' || echo "all")
```
Create audit report filename with timestamp:
```bash
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
REPORT_FILE="${TARGET_PATH}/security-audit-report-${TIMESTAMP}.md"
```
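A stricter form of the argument handling above, as an added example that is not part of the skill's own code: it splits the argument string without glob expansion, requires the target to be an existing directory, and accepts a focus value only from an allow-list. The allow-list is an assumption built from the example categories the page names, and the function names are hypothetical.

```bash
# Added example: strict parsing of the "--path" / "--focus" arguments.
# ALLOWED_FOCUS is an assumption: the categories the page gives as examples,
# plus the default "all".
ALLOWED_FOCUS="all injection auth api crypto logic"

# parse_audit_args "<argument string>"  (hypothetical helper name)
# Sets TARGET_PATH and FOCUS_AREA; returns 2 on any invalid input.
parse_audit_args() {
  TARGET_PATH=$(pwd)
  FOCUS_AREA="all"
  set -f                      # split the string without glob expansion
  set -- ${1-}
  set +f
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --path|--focus)
        [ "$#" -ge 2 ] || { echo "$1 needs a value" >&2; return 2; }
        if [ "$1" = "--path" ]; then TARGET_PATH=$2; else FOCUS_AREA=$2; fi
        shift 2 ;;
      *)
        echo "unknown argument: $1" >&2; return 2 ;;
    esac
  done
  # The report is written under TARGET_PATH, so it must already exist as a
  # directory; resolve it to a canonical absolute path before use.
  [ -d "$TARGET_PATH" ] || { echo "not a directory: $TARGET_PATH" >&2; return 2; }
  TARGET_PATH=$(cd -- "$TARGET_PATH" && pwd -P) || return 2
  # Exact match against the allow-list; anything else is rejected.
  for allowed in $ALLOWED_FOCUS; do
    [ "$allowed" = "$FOCUS_AREA" ] && return 0
  done
  echo "unsupported focus: $FOCUS_AREA" >&2
  return 2
}

# report_file_for <dir>: timestamped report path, same naming as the page uses.
report_file_for() {
  printf '%s/security-audit-report-%s.md\n' "$1" "$(date +%Y%m%d_%H%M%S)"
}
```

Call it as `parse_audit_args "$ARGUMENTS" || exit 2` before the report file is created, so a rejected value never reaches a path or a prompt.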
Identify the technology stack to tailor the security audit:
Use Glob and Read tools to detect:
Document the detected stack in the report.
Launch specialized security agents for comprehensive vulnerability discovery:
Use the Task tool with subagent_type: security-auditor and model: opus to perform:
- Injection Vulnerabilities
- Authentication & Authorization Flaws
- Cross-Site Vulnerabilities
- Data Exposure
- Security Misconfigurations
- Business Logic Vulnerabilities
Use the Task tool with subagent_type: deep-vuln-researcher and model: opus to discover:
- Complex Logic Vulnerabilities
- Advanced Injection Techniques
- Cryptographic Weaknesses
- API Security Issues
- Container & Infrastructure
For each vulnerability discovered, create a detailed PoC including:
Create a comprehensive markdown report with the following structure:
# Security Audit Report
**Repository:** [repository name]
**Audit Date:** [date]
**Auditor:** Claude Security Auditor
**Scope:** [all/focused category]
---
## Executive Summary
[Brief overview of audit findings, total vulnerabilities by severity]
### Key Statistics
- **Critical:** X findings
- **High:** X findings
- **Medium:** X findings
- **Low:** X findings
- **Informational:** X findings
### Most Critical Issues
1. [Issue 1 with severity]
2. [Issue 2 with severity]
3. [Issue 3 with severity]
---
## Technology Stack
[Detected frameworks, libraries, and infrastructure]
---
## Detailed Findings
### [SEVERITY-001] [Vulnerability Title]
**Severity:** Critical/High/Medium/Low
**Category:** [e.g., Injection, Authentication, etc.]
**CWE:** [CWE number if applicable]
**CVSS Score:** [if applicable]
#### Description
[Detailed explanation of the vulnerability]
#### Location
- **File:** `path/to/file.js`
- **Line:** 42-55
- **Function/Method:** `vulnerableFunction()`
#### Impact
[Real-world impact - what can an attacker achieve?]
- Data breach potential
- Unauthorized access
- System compromise
- etc.
#### Vulnerable Code
```javascript
// Vulnerable code snippet
const query = `SELECT * FROM users WHERE id = ${req.params.id}`;
db.query(query);
```
Step 1: [Setup/Prerequisites]
```bash
# Commands or setup needed
```
Step 2: [Exploitation]
```bash
# Exploit payload
curl -X POST http://localhost:3000/api/user \
-H "Content-Type: application/json" \
-d '{"id": "1 OR 1=1; DROP TABLE users;--"}'
```
Step 3: [Verification]
```bash
# How to verify the exploit worked
```
Expected Result:
[What happens when exploited]
Recommended Fix:
```javascript
// Secure code example
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [req.params.id]);
```
Additional Recommendations:
[Repeat for each finding]
[If applicable, map findings to compliance frameworks:]
[Description of the audit process and tools used]
[Definition of security terms used in the report]
Save this report to the file determined in step 1.
### 6. Output Summary
After completing the audit, provide a summary:
```markdown
Security audit completed successfully
**Report:** `[path to report file]`
**Summary:**
- Critical: X
- High: X
- Medium: X
- Low: X
**Action Required:** [List 3 most critical issues]
The detailed report includes:
- Comprehensive vulnerability analysis
- Step-by-step exploitation PoCs
- Specific remediation guidance
- Security best practices recommendations
```
IMPORTANT: Always use model: opus when invoking security agents via the Task tool. Opus 4.6 provides the highest quality analysis and is essential for:
Example Task invocation:
```
Task tool with:
- subagent_type: security-auditor
- model: opus
- prompt: [detailed security audit instructions]
```
Critical:
High:
Medium:
Low:
Informational:
Node.js/Express:
Python/Django/FastAPI:
Java/Spring Boot:
MongoDB/NoSQL:
JWT/Authentication:
APIs:
Include:
Exclude:
```
/security-auditor
/security-auditor --path /path/to/repo
/security-auditor --focus injection
/security-auditor --path ./backend --focus auth
```