security-audit-skill

The security-audit skill provides a structured methodology for conducting manual security audits of codebases. It guides an agent through six phases: reconnaissance, hunting, validation, reporting, structured output generation, and independent verification. The skill emphasizes finding exploitable vulnerabilities with concrete attack scenarios over theoretical concerns.

Installs: 4
Quality: 5/10

Is security-audit-skill safe to install?


Review before installing: our audit of security-audit-skill's source files found 1 shell command, 0 external URLs, file reads and writes (medium risk). Every command and URL listed appears verbatim in the skill's source. The skill requires read and write access to the local filesystem to manage audit artifacts, including architecture documents, reports, and findings files. It also executes shell commands like 'ls' to check for existing audit runs.


Who is this skill for?

Developers and security engineers who need to perform manual security audits on web applications, APIs, services, CLI tools, libraries, and daemons.

What can you do with it?

  • Identifying exploitable security vulnerabilities in a codebase
  • Conducting a security review of application architecture and trust boundaries
  • Performing penetration testing on services and APIs
  • Generating structured security audit reports and findings in JSON format

How good is this skill?

Quality score: 5/10. The skill provides a clear, professional, and highly structured methodology. It includes specific instructions for file management, agent roles, and anti-patterns to avoid, making it highly actionable for an AI agent.

What does the skill file contain?

SKILL.md
# Security Audit

You are a security auditor. Your job is to find **exploitable vulnerabilities with real impact**.

## Platform terminology

This skill is agent-neutral. In the methodology:

- **Task tool** means the coding agent's delegation or sub-agent mechanism.
- **`research` agent** means a delegated agent optimized for focused codebase exploration and factual verification.
- **`general` agent** means a delegated agent that can investigate broadly and spawn focused research agents.
- **`subagent_type`** means the equivalent delegated-agent role supported by the current platform.

Use th...

Frequently asked questions

What is the primary goal of this audit skill?

The goal is to find exploitable vulnerabilities with real impact, rather than theoretical concerns or industry-standard deviations.

How does the skill handle multiple audit runs?

It stores artifacts in versioned directories (e.g., ~/security-audit-skill/<repo-name>/run-<N>). It instructs the agent to read prior findings.json files to skip known issues and target new areas.
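The run-versioning scheme described in this answer, as an added example that is not part of the skill's own source: it creates the next run-&lt;N&gt; directory under a per-repo base directory, loads every earlier run's findings.json, and drops candidate findings already reported. The findings.json field names (file, category, symbol, severity) are an assumption; the page does not document the schema. The example works in a temporary directory standing in for ~/security-audit-skill/<repo-name> so it runs offline.

```python
"""Versioned audit runs: create run-<N+1> and skip findings already reported
in earlier runs. Example added here, not part of the skill's own source."""
import json
import re
import tempfile
from pathlib import Path

RUN_DIR_RE = re.compile(r"^run-(\d+)$")


def latest_run(repo_dir: Path) -> int:
    """Highest N among run-<N> subdirectories of repo_dir (0 if there are none)."""
    highest = 0
    for child in repo_dir.iterdir():
        match = RUN_DIR_RE.match(child.name)
        if child.is_dir() and match:
            highest = max(highest, int(match.group(1)))
    return highest


def start_run(repo_dir: Path) -> Path:
    """Create and return the next run-<N> directory for this repo."""
    run_dir = repo_dir / f"run-{latest_run(repo_dir) + 1}"
    run_dir.mkdir(parents=True, exist_ok=False)
    return run_dir


def load_prior_findings(repo_dir: Path) -> list:
    """Collect findings from every earlier run's findings.json, oldest first."""
    prior = []
    for n in range(1, latest_run(repo_dir) + 1):
        path = repo_dir / f"run-{n}" / "findings.json"
        if path.is_file():
            prior.extend(json.loads(path.read_text()))
    return prior


def fingerprint(finding: dict) -> tuple:
    """Identity used for de-duplication. The field names are an assumption;
    the skill's findings.json schema is not documented on the page."""
    return (finding["file"], finding["category"], finding.get("symbol", ""))


def filter_new(candidates: list, prior: list) -> list:
    """Keep only candidate findings that no earlier run already reported."""
    known = {fingerprint(f) for f in prior}
    return [c for c in candidates if fingerprint(c) not in known]


def demo() -> dict:
    """Two runs against a constructed repo: run-2 skips what run-1 reported."""
    with tempfile.TemporaryDirectory() as tmp:
        # Stand-in for ~/security-audit-skill/<repo-name> (constructed).
        repo_dir = Path(tmp) / "example-repo"
        repo_dir.mkdir()

        run1 = start_run(repo_dir)  # run-1
        (run1 / "findings.json").write_text(json.dumps([
            {"id": "F1", "file": "app/auth.py", "category": "missing-authz",
             "symbol": "login", "severity": "HIGH"},
        ]))

        run2 = start_run(repo_dir)  # run-2
        prior = load_prior_findings(repo_dir)
        candidates = [  # constructed output of a second hunting pass
            {"id": "F1-again", "file": "app/auth.py", "category": "missing-authz",
             "symbol": "login", "severity": "HIGH"},
            {"id": "F2", "file": "app/upload.py", "category": "input-validation",
             "symbol": "save_file", "severity": "MEDIUM"},
        ]
        new = filter_new(candidates, prior)
        (run2 / "findings.json").write_text(json.dumps(new))
        return {"run": run2.name, "prior": len(prior), "new": [f["id"] for f in new]}


if __name__ == "__main__":
    print(demo())  # {'run': 'run-2', 'prior': 1, 'new': ['F2']}
```

De-duplicating on (file, category, symbol) rather than on a free-text title keeps a re-discovered issue from being reported twice even when the agent words it differently; if the repo has been refactored between runs, a path move will show up as a "new" finding, which is the conservative failure mode.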

How does the skill determine the severity of a finding?

Severity is determined by combining likelihood and impact. It specifically distinguishes between HIGH and MEDIUM based on whether a finding defeats an explicit security boundary.

Data sourced from cloudflare/security-audit-skill on GitHub. Install counts from skills.sh. The summary and security audit are derived from the skill's source files: every command and URL listed appears verbatim in the source.

Related skills

seo-audit

133.3K installs

Users seeking to diagnose SEO issues, improve organic search performance, or conduct a health check on their website

The seo-audit skill provides a structured framework for diagnosing and recommending improvements for website search engine optimization. It guides the agent through technical, on-page, and content quality assessments, including specific checks for international SEO and site-type-specific issues.

high · seo · audit · coreyhaines31

aso

15.8K installs

App developers, marketers, and product managers looking to improve app store visibility and conversion rates

The aso skill audits and optimizes App Store and Google Play listings by analyzing metadata, visuals, and ratings against platform best practices. It classifies apps by brand maturity to provide tailored recommendations and generates a prioritized action plan.

high · aso · marketing · coreyhaines31

firecrawl-seo-audit

12.8K installs

SEO specialists, content marketers, and website owners who need automated, data-driven site audits

The firecrawl-seo-audit skill performs website SEO audits by mapping site structures, scraping key pages, and comparing content against target keywords and competitor search results.

high · seo · audit · firecrawl

agent-email-inbox

3.4K installs

Developers building AI agents or automated systems that process inbound email content

The agent-email-inbox skill provides a framework for building secure, webhook-based email processing systems for AI agents. It includes patterns for sender allowlisting, webhook signature verification, and content filtering to prevent unauthorized access to agent workflows.

high · email · webhooks · resend