M
MCP.directory

security-audit

by ruvnet
21
0
Source

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement. Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration. Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.

Install

mkdir -p .claude/skills/security-audit && curl -L -o skill.zip "https://mcp.directory/api/skills/download/1004" && unzip -o skill.zip -d .claude/skills/security-audit && rm skill.zip

Installs to .claude/skills/security-audit

About this skill

Security Audit Skill

Purpose

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement.

When to Trigger

  • authentication implementation
  • authorization logic
  • payment processing
  • user data handling
  • API endpoint creation
  • file upload handling
  • database queries
  • external API integration

When to Skip

  • read-only operations on public data
  • internal development tooling
  • static documentation
  • styling changes

Commands

Full Security Scan

Run comprehensive security analysis on the codebase

npx @claude-flow/cli security scan --depth full

Example:

npx @claude-flow/cli security scan --depth full --output security-report.json

Input Validation Check

Check for input validation issues

npx @claude-flow/cli security scan --check input-validation

Example:

npx @claude-flow/cli security scan --check input-validation --path ./src/api

Path Traversal Check

Check for path traversal vulnerabilities

npx @claude-flow/cli security scan --check path-traversal

SQL Injection Check

Check for SQL injection vulnerabilities

npx @claude-flow/cli security scan --check sql-injection

XSS Check

Check for cross-site scripting vulnerabilities

npx @claude-flow/cli security scan --check xss

CVE Scan

Scan dependencies for known CVEs

npx @claude-flow/cli security cve --scan

Example:

npx @claude-flow/cli security cve --scan --severity high

Security Audit Report

Generate full security audit report

npx @claude-flow/cli security audit --report

Example:

npx @claude-flow/cli security audit --report --format markdown --output SECURITY.md

Threat Modeling

Run threat modeling analysis

npx @claude-flow/cli security threats --analyze

Validate Secrets

Check for hardcoded secrets

npx @claude-flow/cli security validate --check secrets

Scripts

ScriptPathDescription
security-scan.agents/scripts/security-scan.shRun full security scan pipeline
cve-remediate.agents/scripts/cve-remediate.shAuto-remediate known CVEs

References

DocumentPathDescription
Security Checklistdocs/security-checklist.mdSecurity review checklist
OWASP Guidedocs/owasp-top10.mdOWASP Top 10 mitigation guide

Best Practices

  1. Check memory for existing patterns before starting
  2. Use hierarchical topology for coordination
  3. Store successful patterns after completion
  4. Document any new learnings

More by ruvnet

View all →

github-code-review

ruvnet

Comprehensive GitHub code review with AI-powered swarm coordination

1033

github-workflow-automation

ruvnet

Advanced GitHub Actions workflow automation with AI swarm coordination, intelligent CI/CD pipelines, and comprehensive repository management

992

agentdb-advanced-features

ruvnet

"Master advanced AgentDB features including QUIC synchronization, multi-database management, custom distance metrics, hybrid search, and distributed systems integration. Use when building distributed AI systems, multi-agent coordination, or advanced vector search applications."

801

agent-docs-api-openapi

ruvnet

Agent skill for docs-api-openapi - invoke with $agent-docs-api-openapi

151

agent-architecture

ruvnet

Agent skill for architecture - invoke with $agent-architecture

361

agentdb-memory-patterns

ruvnet

"Implement persistent memory patterns for AI agents using AgentDB. Includes session memory, long-term storage, pattern learning, and context management. Use when building stateful agents, chat systems, or intelligent assistants."

941

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

243775

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

184406

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

171268

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

198225

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

155191

rust-coding-skill

UtakataKyosui

Guides Claude in writing idiomatic, efficient, well-structured Rust code using proper data modeling, traits, impl organization, macros, and build-speed best practices.

157171

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.