## https://sploitus.com/exploit?id=AA4D9EBB-41BD-588E-88AD-EAC722C56636
# security-audit skill
A portable [Agent Skill](https://docs.claude.com/en/docs/claude-code/skills) for auditing code for
**real, exploitable** security vulnerabilities in **TypeScript/JavaScript, Python, and Rust**.
It encodes a disciplined, two-phase method: **inventory every dangerous sink first, judge each one
second.** Enumerating before deciding is the whole point โ it's what stops an audit from skimming
past the bug it already decided wasn't there.
## What it does
Given a file, a package, or a whole repo, the skill:
1. Names the **trust boundaries** โ who calls the code, what they control, where external data enters.
2. Builds an **inventory** of every sink (code exec, command exec, path/file ops, deserialisation, injection, SSRF, crypto, memory safety, concurrency, DoS, โฆ) using a per-language primitive list.
3. For each sink: traces it back to a boundary, writes a **reproduction script** (never runs it โ a human does), checks prior art (`git log`, issues, specs), and rates severity + confidence.
4. Reports findings and โ crucially โ every sink it **ruled out**, with the step that disqualified it.
### Three modes
| Mode | When |
|---|---|
| **whole-package** | You're in a repo with Read/Grep/`git` โ traces data flow across modules and checks history. |
| **deep-file** | One file in isolation, audited methodically. |
| **quick-file** | A fast triage skim of one file. |
The skill picks the mode from your request; you can steer it with `[path | .] [quick | deep]`.
## Layout
```
skills/security-audit/
SKILL.md # entry point: mode selection, spine, guardrails
references/
sink-classes.md # the taxonomy + per-language primitives to grep for
always-flag.md # sinks dangerous on sight (pickle, eval, prototype pollution, โฆ)
mode-whole-package.md # methodology + report format for repo audits
mode-deep-file.md # methodology + report format for a single file
mode-quick-file.md # fast-pass format
```
## Install
**Claude Code** โ clone anywhere and symlink the skill into your skills dir:
```sh
git clone https://github.com/AlCalzone/security-audit-skill.git
ln -s "$PWD/security-audit-skill/skills/security-audit" ~/.claude/skills/security-audit
```
Then invoke it with `/security-audit` or just ask Claude to "security-audit this repo."
The `SKILL.md` format is portable โ it works with any agent that reads
[Agent Skills](https://docs.claude.com/en/docs/claude-code/skills)-style `SKILL.md` files.
## Credit
Adapted from [PJUllrich's vulnerability-audit prompts](https://gist.github.com/PJUllrich/c8b3ced91598eeea6e624f5f6bdf7fbf),
which target Elixir/Erlang. This version keeps the method โ trust boundaries, the sink taxonomy, the
inventory-first discipline, the six-step per-sink trace โ and retargets the primitives to
TypeScript/JavaScript, Python, and Rust.