一键导入
audit-code
Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | audit-code |
| description | Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities |
| disable-model-invocation | true |
| allowed-tools | Read, Glob, Grep, Bash |
| context | fork |
Security-focused code review of project source code. Covers OWASP-style vulnerabilities, hardcoded secrets, dangerous function calls, and patterns relevant to AI-assisted development.
Run the auditor against the target path:
python3 "$SKILL_DIR/scripts/audit_code.py" "$ARGUMENTS"
If $ARGUMENTS is empty, default to $PROJECT_ROOT.
Structured report with severity-ranked findings, file locations, and actionable remediation steps.
The repository's .claude/settings.json includes PreToolUse hooks that warn on
dangerous Bash and Write operations. These hooks are advisory only -- they
produce warnings but do not block execution.
PreToolUse blocking or escalation, hooks must return
hookSpecificOutput.permissionDecision: "deny" or "ask" instead of warning messages