Run any Skill in Manus with one click

security-auditor

Automated security testing — HTTP header audit, injection testing (SQL/XSS/SSRF/command), secret scanning in source code, auth bypass testing, dependency vulnerability scanning. Pen-test-style checks with safe mode default. Use before any launch or security review.

Run Skill in Manus

Overview

Install command

npx skills add https://github.com/JansenAnalytics/claudex --skill security-auditor

Copy and paste this command into Claude Code to install the skill

Source

JansenAnalytics/claudex

Stars4

Forks1

UpdatedJune 3, 2026 at 20:50

SKILL.md

readonly

name	security-auditor
user-invocable	false
description	Automated security testing — HTTP header audit, injection testing (SQL/XSS/SSRF/command), secret scanning in source code, auth bypass testing, dependency vulnerability scanning. Pen-test-style checks with safe mode default. Use before any launch or security review.
triggers	["security audit","security check","pen test","vulnerability scan","check security"]
category	security
maturity	stable
tags	["pentest","injection-testing","secret-scanning","auth-bypass","cvss"]

Security Auditor

Automated security testing tool that probes web applications for vulnerabilities — pen-test-style checks.

Quick Start

# Full audit
security-auditor review https://example.com --source-dir ./myproject --output-dir /tmp/audit

# Individual scans
security-auditor headers https://example.com
security-auditor secrets ./src
security-auditor deps ./project
security-auditor injection https://example.com
security-auditor auth --auth-config auth.json

Commands

`headers <url>` — HTTP Security Headers

Checks HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, CORS headers, Cache-Control, cookie flags. Grades A-F.

`injection <url>` — Injection Testing

Tests SQL injection, XSS, command injection, path traversal, SSRF, header injection, NoSQL injection. Safe mode by default; --aggressive for deeper testing.

`secrets <dir>` — Secret Scanner

Regex + entropy-based scanning for API keys (AWS, GCP, OpenAI, Stripe, GitHub, etc.), private keys, passwords, JWTs, connection strings. Add --git to scan git history.

`auth --auth-config <file>` — Auth Testing

Tests auth bypass (no token, malformed JWT, none-algorithm), IDOR, brute force detection, privilege escalation, HTTP method override.

Auth config format:

{
  "baseUrl": "https://api.example.com",
  "token": "Bearer eyJ...",
  "protectedEndpoints": ["/api/profile"],
  "adminEndpoints": ["/api/admin/users"],
  "idorEndpoints": ["/api/users/2/data"],
  "loginEndpoint": "/api/login",
  "loginBody": { "email": "test@test.com", "password": "wrong" }
}

`deps <dir>` — Dependency Scanner

Runs npm audit, checks outdated packages, license compliance (flags GPL in proprietary projects).

`review <url>` — Full Audit Orchestrator

Runs all scans and generates a combined report. Options: --quick, --full, --aggressive, --compare DIR.

`report <dir>` — Report Generator

Aggregates scan results into markdown + JSON with CVSS-like scoring and remediation steps.

Output

security-report.md — Human-readable report
security-report.json — Machine-readable with scores
Individual scan JSONs in output directory

Dependencies

Node.js built-in modules only (http, https, fs, path, child_process). No npm install needed.

More from this repository

same repository

memory-search

JansenAnalytics/claudex

Semantic memory search across all agent memories and conversation history. Use BEFORE answering questions about prior work, decisions, dates, people, preferences, projects, or past conversations. Also use when asked "do you remember", "what did we discuss", "when did we", etc.

2026-06-034

weather

JansenAnalytics/claudex

Get current weather and forecasts. Use when the user asks about weather, temperature, or forecasts for any location.

2026-06-034

1password

JansenAnalytics/claudex

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

2026-06-034

a11y-audit

JansenAnalytics/claudex

Accessibility auditing: WCAG compliance checking, contrast ratios, ARIA labels, keyboard navigation, semantic HTML, screen reader compatibility.

2026-06-034

adr-manager

JansenAnalytics/claudex

ADR Manager Skill

2026-06-034

api-critic

JansenAnalytics/claudex

Autonomous API testing and evaluation. Tests any REST API for correctness, security, performance, error handling, and standards compliance. Discovers endpoints, probes with valid/invalid/edge-case payloads, checks auth, response times, injection vulnerabilities, and generates severity-scored reports with actionable fixes. Use before any API "done" claim.

2026-06-034

Source

JansenAnalytics

JansenAnalytics/claudex

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	security-auditor
user-invocable	false
description	Automated security testing — HTTP header audit, injection testing (SQL/XSS/SSRF/command), secret scanning in source code, auth bypass testing, dependency vulnerability scanning. Pen-test-style checks with safe mode default. Use before any launch or security review.
triggers	["security audit","security check","pen test","vulnerability scan","check security"]
category	security
maturity	stable
tags	["pentest","injection-testing","secret-scanning","auth-bypass","cvss"]

Security Auditor

Automated security testing tool that probes web applications for vulnerabilities — pen-test-style checks.

Quick Start

# Full audit
security-auditor review https://example.com --source-dir ./myproject --output-dir /tmp/audit

# Individual scans
security-auditor headers https://example.com
security-auditor secrets ./src
security-auditor deps ./project
security-auditor injection https://example.com
security-auditor auth --auth-config auth.json

Commands

`headers <url>` — HTTP Security Headers

Checks HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, CORS headers, Cache-Control, cookie flags. Grades A-F.

`injection <url>` — Injection Testing

Tests SQL injection, XSS, command injection, path traversal, SSRF, header injection, NoSQL injection. Safe mode by default; --aggressive for deeper testing.

`secrets <dir>` — Secret Scanner

Regex + entropy-based scanning for API keys (AWS, GCP, OpenAI, Stripe, GitHub, etc.), private keys, passwords, JWTs, connection strings. Add --git to scan git history.

`auth --auth-config <file>` — Auth Testing

Tests auth bypass (no token, malformed JWT, none-algorithm), IDOR, brute force detection, privilege escalation, HTTP method override.

Auth config format:

{
  "baseUrl": "https://api.example.com",
  "token": "Bearer eyJ...",
  "protectedEndpoints": ["/api/profile"],
  "adminEndpoints": ["/api/admin/users"],
  "idorEndpoints": ["/api/users/2/data"],
  "loginEndpoint": "/api/login",
  "loginBody": { "email": "test@test.com", "password": "wrong" }
}

`deps <dir>` — Dependency Scanner

Runs npm audit, checks outdated packages, license compliance (flags GPL in proprietary projects).

`review <url>` — Full Audit Orchestrator

Runs all scans and generates a combined report. Options: --quick, --full, --aggressive, --compare DIR.

`report <dir>` — Report Generator

Aggregates scan results into markdown + JSON with CVSS-like scoring and remediation steps.

Output

security-report.md — Human-readable report
security-report.json — Machine-readable with scores
Individual scan JSONs in output directory

Dependencies

Node.js built-in modules only (http, https, fs, path, child_process). No npm install needed.

security-auditor

Security Auditor

Quick Start

Commands

headers <url> — HTTP Security Headers

injection <url> — Injection Testing

secrets <dir> — Secret Scanner

auth --auth-config <file> — Auth Testing

deps <dir> — Dependency Scanner

review <url> — Full Audit Orchestrator

report <dir> — Report Generator

Output

Dependencies

More from this repository

More from this repository

Security Auditor

Quick Start

Commands

headers <url> — HTTP Security Headers

injection <url> — Injection Testing

secrets <dir> — Secret Scanner

auth --auth-config <file> — Auth Testing

deps <dir> — Dependency Scanner

review <url> — Full Audit Orchestrator

report <dir> — Report Generator

Output

Dependencies

`headers <url>` — HTTP Security Headers

`injection <url>` — Injection Testing

`secrets <dir>` — Secret Scanner

`auth --auth-config <file>` — Auth Testing

`deps <dir>` — Dependency Scanner

`review <url>` — Full Audit Orchestrator

`report <dir>` — Report Generator

`headers <url>` — HTTP Security Headers

`injection <url>` — Injection Testing

`secrets <dir>` — Secret Scanner

`auth --auth-config <file>` — Auth Testing

`deps <dir>` — Dependency Scanner

`review <url>` — Full Audit Orchestrator

`report <dir>` — Report Generator