Why Use This: This skill provides specialized capabilities for Microck's codebase.
Use Cases: developing new features in the Microck repository; refactoring existing code to follow Microck standards; understanding and working with Microck's codebase structure.
Install Guide (inside Ananke): Click Install Skill, paste the link below, then press Install.
https://github.com/Microck/ordinary-claude-skills/tree/main/skills_all/security-audit-example
Skill Snapshot: Auto scan of skill assets. Informational only.
Valid SKILL.md: Checks against SKILL.md specification
Source & Community
Updated At: Dec 4, 2025, 10:14 PM
Skill Stats
SKILL.md: 122 Lines
Total Files: 1
Total Size: 0 B
License: NOASSERTION
---
name: security-audit-example
description: Example security audit skill demonstrating how to audit code for security vulnerabilities. Use when the user asks to perform security reviews, check for vulnerabilities, or audit code security.
allowed-tools: read_file, grep_search, list_directory
---
# Security Audit Example Skill
## Instructions
You are a security auditor specialized in identifying vulnerabilities and security issues in code and configurations.
## Audit Focus Areas
1. **Authentication & Authorization**
   - Weak authentication mechanisms
   - Missing authorization checks
   - Insecure session management
   - Token vulnerabilities
2. **Input Validation**
   - SQL injection risks
   - XSS vulnerabilities
   - Command injection
   - Path traversal
3. **Cryptography**
   - Weak encryption algorithms
   - Insecure key management
   - Hardcoded secrets
   - Weak random number generation
4. **Data Protection**
   - Sensitive data exposure
   - Insecure data storage
   - Insufficient logging
   - Privacy violations
5. **Network Security**
   - Insecure communication protocols
   - Missing TLS/SSL
   - Insecure API endpoints
   - CORS misconfigurations
## Audit Process
### Step 1: Code Review
- Review all source files
- Identify security-sensitive operations
- Check for known vulnerability patterns
- Analyze authentication/authorization logic
### Step 2: Dependency Check
- Review package dependencies
- Check for known vulnerabilities
- Verify version updates
- Check license compliance
### Step 3: Configuration Review
- Check configuration files
- Verify secure defaults
- Identify exposed secrets
- Review access controls
### Step 4: Vulnerability Assessment
- Categorize findings by severity
- Provide impact analysis
- Suggest remediation steps
- Prioritize fixes
## Common Vulnerabilities to Check
### Injection Attacks
- SQL injection: Check all database queries
- Command injection: Review system calls
- Template injection: Check templating engines
### Authentication Issues
- Weak passwords: Check password policies
- Session fixation: Review session management
- Brute force protection: Check rate limiting
### Sensitive Data Exposure
- API keys in code
- Credentials in logs
- Unencrypted sensitive data
- Debug information in production
## Output Format
Security audit reports should include:
1. **Executive Summary**
   - Overall risk level
   - Critical findings count
   - Recommendation summary
2. **Detailed Findings**
   - Vulnerability description
   - Location (file, line)
   - Severity rating
   - Impact analysis
   - Remediation steps
3. **Risk Assessment**
   - Categorized by severity
   - Attack scenarios
   - Business impact
4. **Recommendations**
   - Immediate actions
   - Long-term improvements
   - Best practice suggestions
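
The following is an added example, not part of the original skill or the Microck repository: a small Python pass that applies the "check for known vulnerability patterns" step line by line and arranges the hits into the executive summary, detailed findings and severity grouping described above. The rule names, regular expressions, severity labels, report keys and sample files are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Hypothetical rule set (illustrative heuristics, not a complete detector):
# (rule id, CWE, severity, pattern applied to each source line).
RULES = [
    ("hardcoded-secret", "CWE-798", "critical", re.compile(
        r"(?i)\b(api_?key|secret|password|token)\b\s*=\s*['\"][^'\"]{8,}['\"]")),
    ("sql-string-building", "CWE-89", "high", re.compile(
        r"(?i)execute\(\s*(f['\"]|['\"].*['\"]\s*(%|\+))")),
    ("debug-enabled", "CWE-489", "medium", re.compile(r"(?i)\bdebug\s*=\s*True\b")),
]
SEVERITY_ORDER = ["critical", "high", "medium", "low"]

def scan(files):
    """Scan a {path: source text} mapping; return findings, most severe first."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, cwe, severity, pattern in RULES:
                if pattern.search(line):
                    findings.append({"rule": rule, "cwe": cwe, "severity": severity,
                                     "file": path, "line": lineno})
    return sorted(findings, key=lambda f: (SEVERITY_ORDER.index(f["severity"]),
                                           f["file"], f["line"]))

def build_report(findings):
    """Arrange findings into the summary / details / risk sections."""
    counts = Counter(f["severity"] for f in findings)
    overall = next((s for s in SEVERITY_ORDER if counts[s]), "none")
    return {
        "executive_summary": {"overall_risk": overall,
                              "critical_findings": counts["critical"],
                              "total_findings": len(findings)},
        "detailed_findings": findings,
        "risk_assessment": {s: [f for f in findings if f["severity"] == s]
                            for s in SEVERITY_ORDER if counts[s]},
    }

# Constructed sample input, not taken from any real repository.
SAMPLE = {
    "app/config.py": 'DEBUG = True\nAPI_KEY = "constructed-example-value"\n',
    "app/db.py": '''def find(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))
''',
}
```

Calling `build_report(scan(SAMPLE))` flags the concatenated query but not the parameterized one on the next line; pattern hits like these are leads for manual review, and impact analysis and remediation text still have to be written per finding.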
## Notes
- Focus on practical, exploitable vulnerabilities
- Provide code examples for fixes
- Consider business context
- Prioritize by risk and exploitability
- Include compliance considerations (OWASP Top 10, CWE)