一键导入
security-audit
Performs a security audit on code or configuration. Checks for OWASP Top 10 vulnerabilities, secrets exposure, and unsafe patterns.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Performs a security audit on code or configuration. Checks for OWASP Top 10 vulnerabilities, secrets exposure, and unsafe patterns.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Enforces a strict 4-phase methodology (Plan, Generate, Review, DoD) for development tickets to ensure high-quality, secure, and production-ready code. Features a continuous YOLO mode loop for autonomous task completion.
Performs thorough code review on files or diffs. Checks for bugs, security issues, performance problems, and code quality.
Systematic debugging assistant. Analyzes errors, traces root causes, and suggests fixes with evidence.
Verifies that NDE-OS agent core code is production-ready with no mocks, no fakes, no TODOs, and matches all R&D comparison claims. Use after implementing any agent core module, before marking a task as complete, or when auditing code quality against the implementation plan.
Explains code in plain language. Breaks down complex logic, traces execution flow, and creates documentation.
Sets up new project scaffolding with proper structure, configuration, and tooling. Supports Rust, TypeScript, Python, and more.
| name | security-audit |
| description | Performs a security audit on code or configuration. Checks for OWASP Top 10 vulnerabilities, secrets exposure, and unsafe patterns. |
| triggers | ["security audit","check for vulnerabilities","is this secure","security review","find security issues"] |
Identify security vulnerabilities in code, configuration, and dependencies following OWASP Top 10 and secure coding practices.
code_search for format!, + in SQL stringsshell_exec, eval, or database queriescode_search for "password", "secret", "api_key", "token".env, credentials, private keys in tracked files../ handling and path canonicalizationcode_search — find vulnerable patternsfile_read — inspect configuration filesfile_search — find secrets in codeweb_search — look up CVEs for dependenciesshell_exec — run security scanning tools if available## Security Audit Report
### CRITICAL
- [File:Line] Vulnerability description | OWASP category | Remediation
### HIGH
- [File:Line] Issue description | Category | Fix
### MEDIUM / LOW
- [File:Line] Finding | Category | Suggestion
### Summary
- X critical, Y high, Z medium vulnerabilities
- Risk assessment: HIGH / MEDIUM / LOW