skill-security-auditor
Codex skill security scanner for auditing SKILL.md instructions, scripts, hooks, and repository files for suspicious behavior.
Summary
- This skill scans SKILL.md instructions, scripts, hooks, and repository files for suspicious behavior, helping developers identify potential security risks in their codebase.
- It acts as a proactive security auditor, flagging anomalies like hardcoded secrets, dangerous commands, or unauthorized modifications.
Install & Usage
mkdir -p .claude/skills
mkdir -p .claude/skills && curl -o .claude/skills/skill-security-auditor.md https://raw.githubusercontent.com/saroo98/skill-security-auditor/main/SKILL.md
/skill-security-auditor
Use Cases
Usage Examples
/skill-security-auditor scan SKILL.md
/skill-security-auditor audit hooks/
Run a security audit on the entire repository with /skill-security-auditor --recursive
Security Audits
Frequently Asked Questions
What is skill-security-auditor?
This skill scans SKILL.md instructions, scripts, hooks, and repository files for suspicious behavior, helping developers identify potential security risks in their codebase. It acts as a proactive security auditor, flagging anomalies like hardcoded secrets, dangerous commands, or unauthorized modifications.
How to install skill-security-auditor?
To install skill-security-auditor: create the skills directory (mkdir -p .claude/skills), then run: mkdir -p .claude/skills && curl -o .claude/skills/skill-security-auditor.md https://raw.githubusercontent.com/saroo98/skill-security-auditor/main/SKILL.md. Finally, run /skill-security-auditor in Claude Code.
What is skill-security-auditor best for?
skill-security-auditor is a skill categorized under General and designed for security. It was created by saroo98.
What can I use skill-security-auditor for?
skill-security-auditor is useful for:
- Audit a SKILL.md file for suspicious instructions before executing it in a new project.
- Scan repository hooks for malicious scripts that could compromise CI/CD pipelines.
- Detect hardcoded API keys or passwords in configuration files across the codebase.
- Review recent commits for unauthorized changes that introduce security vulnerabilities.
- Check third-party scripts included in the project for obfuscated or dangerous code.
- Validate that all repository files comply with your organization's security policies.