Share
## https://sploitus.com/exploit?id=AA4D9EBB-41BD-588E-88AD-EAC722C56636
# security-audit skill

A portable [Agent Skill](https://docs.claude.com/en/docs/claude-code/skills) for auditing code for
**real, exploitable** security vulnerabilities in **TypeScript/JavaScript, Python, and Rust**.

It encodes a disciplined, two-phase method: **inventory every dangerous sink first, judge each one
second.** Enumerating before deciding is the whole point โ€” it's what stops an audit from skimming
past the bug it already decided wasn't there.

## What it does

Given a file, a package, or a whole repo, the skill:

1. Names the **trust boundaries** โ€” who calls the code, what they control, where external data enters.
2. Builds an **inventory** of every sink (code exec, command exec, path/file ops, deserialisation, injection, SSRF, crypto, memory safety, concurrency, DoS, โ€ฆ) using a per-language primitive list.
3. For each sink: traces it back to a boundary, writes a **reproduction script** (never runs it โ€” a human does), checks prior art (`git log`, issues, specs), and rates severity + confidence.
4. Reports findings and โ€” crucially โ€” every sink it **ruled out**, with the step that disqualified it.

### Three modes

| Mode | When |
|---|---|
| **whole-package** | You're in a repo with Read/Grep/`git` โ€” traces data flow across modules and checks history. |
| **deep-file** | One file in isolation, audited methodically. |
| **quick-file** | A fast triage skim of one file. |

The skill picks the mode from your request; you can steer it with `[path | .] [quick | deep]`.

## Layout

```
skills/security-audit/
  SKILL.md                       # entry point: mode selection, spine, guardrails
  references/
    sink-classes.md              # the taxonomy + per-language primitives to grep for
    always-flag.md               # sinks dangerous on sight (pickle, eval, prototype pollution, โ€ฆ)
    mode-whole-package.md        # methodology + report format for repo audits
    mode-deep-file.md            # methodology + report format for a single file
    mode-quick-file.md           # fast-pass format
```

## Install

**Claude Code** โ€” clone anywhere and symlink the skill into your skills dir:

```sh
git clone https://github.com/AlCalzone/security-audit-skill.git
ln -s "$PWD/security-audit-skill/skills/security-audit" ~/.claude/skills/security-audit
```

Then invoke it with `/security-audit` or just ask Claude to "security-audit this repo."

The `SKILL.md` format is portable โ€” it works with any agent that reads
[Agent Skills](https://docs.claude.com/en/docs/claude-code/skills)-style `SKILL.md` files.

## Credit

Adapted from [PJUllrich's vulnerability-audit prompts](https://gist.github.com/PJUllrich/c8b3ced91598eeea6e624f5f6bdf7fbf),
which target Elixir/Erlang. This version keeps the method โ€” trust boundaries, the sink taxonomy, the
inventory-first discipline, the six-step per-sink trace โ€” and retargets the primitives to
TypeScript/JavaScript, Python, and Rust.