一键导入
cyber-audit
Run read-only exposure checks for security advisories and write a structured local audit report.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Run read-only exposure checks for security advisories and write a structured local audit report.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
Use codex-profiles to run Codex CLI or Codex Desktop with isolated CODEX_HOME profiles for separate accounts, projects, and local state.
Give an AI agent a permanent network address, encrypted P2P messaging, and an installable app store via Pilot Protocol
A ship gate that runs before any production deploy: checks the silent failure modes that make a deploy 'succeed' while prod stays broken, then verifies the live revision instead of trusting deploy output.
Integrate RouterBase as an OpenAI-compatible model gateway for routing GPT, Claude, Gemini, media, audio, and embedding requests.
Use Tree Ring Memory for local-first AI-agent memory lifecycle work: recall, evidence, audit, forgetting, and consolidation without transcript dumping.
Go in depth harness — fan-out web searches, fetch sources, adversarially verify claims, synthesize a cited report.
| name | cyber-audit |
| description | Run read-only exposure checks for security advisories and write a structured local audit report. |
| category | security |
| risk | safe |
| source | community |
| source_repo | davidondrej/skills |
| source_type | community |
| date_added | 2026-07-07 |
| author | davidondrej |
| tags | ["security","audit","read-only"] |
| tools | ["claude","codex"] |
| license | MIT |
| license_source | https://github.com/davidondrej/skills/blob/main/LICENSE |
| disable-model-invocation | true |
~/Documents/security-audits/.sudo. Never..md file (even if the verdict is "Not affected" — the audit trail matters).~/Documents/security-audits/YYYY-MM-DD-<short-kebab-slug>.md. Use today's date from the environment header.# --- Node / npm ecosystem (supply-chain advisories) ---
which npm pnpm yarn; npm root -g; pnpm root -g 2>/dev/null
ls /opt/homebrew/lib/node_modules # global npm
find ~ -maxdepth 8 -type d -name "<pkg>" 2>/dev/null \
| grep -v -E "(Library/Caches|\.Trash)" # installed copies
find ~/Documents ~/Desktop ~/Downloads -maxdepth 8 -type f \
\( -name "package.json" -o -name "package-lock.json" \
-o -name "pnpm-lock.yaml" -o -name "yarn.lock" \) 2>/dev/null \
| xargs grep -l "<pkg>" 2>/dev/null # direct + transitive
# --- Python ecosystem ---
which python3 pip pipx uv
pip list 2>/dev/null | grep -i "<pkg>"
find ~/Documents -maxdepth 6 -name "requirements*.txt" -o -name "pyproject.toml" \
-o -name "poetry.lock" -o -name "uv.lock" 2>/dev/null | xargs grep -l "<pkg>" 2>/dev/null
# --- Homebrew / system binaries ---
brew list --versions <formula> 2>/dev/null
which <binary>; <binary> --version 2>/dev/null
# --- Running processes / listeners (for RCE / network CVEs) ---
pgrep -lf "<binary>"
lsof -iTCP -sTCP:LISTEN -P -n 2>/dev/null | grep "<port>"
# --- LaunchAgents / LaunchDaemons (persistence / autostart) ---
ls ~/Library/LaunchAgents /Library/LaunchAgents /Library/LaunchDaemons 2>/dev/null \
| grep -i "<vendor>"
# --- Env vars that change exposure (e.g. OLLAMA_HOST, listening addr) ---
launchctl getenv <VAR>; grep -r "<VAR>" ~/.zshrc ~/.zprofile ~/.config 2>/dev/null
# --- VS Code / browser extensions (for IDE-targeted advisories) ---
ls ~/.vscode/extensions 2>/dev/null | grep -i "<ext>"
If the advisory mentions an ecosystem not above (Rust cargo, Go modules, Ruby gems, Docker images, etc.), apply the same pattern: global install path + manifest grep + running processes.
File: ~/Documents/security-audits/YYYY-MM-DD-<short-kebab-slug>.md
# <Subject> — Audit
**Date:** YYYY-MM-DD
**Host:** the user's Mac
## <CVEs | Advisory> in scope
- **<ID or source> "<Name>"** — <one-line description>. <Affected versions or scope>.
## Audit results
| Check | Result |
|---|---|
| <Check 1> | <Result> |
| <Check 2> | <Result> |
## Verdict
**<Not affected. | Affected. | Partially affected.>**
- <Rationale bullet 1>
- <Rationale bullet 2>
## Action taken
None — diagnostic only, no files modified, no <packages installed/removed | services started/stopped | firewall rules changed>.
## Follow-ups
- <Actionable item, or "None" if truly nothing>
Match the tone of the two existing reports in ~/Documents/security-audits/ — terse, factual, bulleted, no hedging.
Never on your own. If the verdict is "Affected", list the remediation command in Follow-ups and stop. The user runs it.
Two existing reports in ~/Documents/security-audits/ show the expected style:
baseline-audit.md (long-form baseline audit — different format, do not mimic)YYYY-MM-DD-example-advisory.md and any newer YYYY-MM-DD-*.md files (this is the format to match)davidondrej/skills; verify local paths, tools, credentials, and agent features before acting.