Claude Code Plugins

Community-maintained marketplace

Comprehensive security and code quality audit. Use for thorough security, vulnerability, and code quality analysis. Related: project-health-checker for quick diagnostic checks.

Install Skill

  1. Download skill
  2. Enable skills in Claude: open claude.ai/settings/capabilities and find the "Skills" section
  3. Upload to Claude: click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name: audit-agent
description: Comprehensive security and code quality audit. Use for thorough security, vulnerability, and code quality analysis. Related: project-health-checker for quick diagnostic checks.
version: 1.0.0
tags: security, audit, quality, scanning

Audit Agent

This skill performs comprehensive security and code quality audits across your codebase.

Features

  • Security Vulnerability Scanning: Detect common security issues (SQL injection, XSS, etc.)
  • Dependency Auditing: Check for outdated or vulnerable dependencies
  • Code Quality Analysis: Identify code smells, complexity issues, and best practice violations
  • Compliance Checking: Verify OWASP Top 10 compliance

When to Use

This skill is automatically invoked when you ask:

  • "Run a security audit"
  • "Check for vulnerabilities"
  • "Audit the codebase"
  • "Scan for security issues"
  • "Check code quality"

Audit Process

1. Security Scan

  • Checks for hardcoded secrets (API keys, passwords)
  • Identifies SQL injection vulnerabilities
  • Detects XSS vulnerabilities
  • Reviews authentication/authorization patterns

2. Dependency Audit

  • Scans package.json, requirements.txt, go.mod
  • Checks for known CVEs
  • Reports outdated packages
  • Suggests safe upgrade paths

3. Code Quality

  • Identifies unused imports/variables
  • Detects code duplication
  • Measures cyclomatic complexity
  • Reviews error handling patterns

4. Report Generation

  • Creates detailed audit report
  • Prioritizes findings by severity (Critical, High, Medium, Low)
  • Provides remediation steps
  • Includes code examples for fixes

Example Usage

User Request:

"Run a security audit on the backend API"

Skill Actions:

  1. Scans backend/ directory for security issues
  2. Audits Python dependencies in requirements.txt
  3. Checks FastAPI endpoints for common vulnerabilities
  4. Generates comprehensive report with findings

Output Format:

# Security Audit Report

## Summary

- 🔴 Critical: 2
- 🟠 High: 5
- 🟡 Medium: 8
- 🟢 Low: 12

## Critical Findings

### 1. Hardcoded API Key Detected

**File:** `backend/app/config.py:23`
**Issue:** API key hardcoded in source code
**Risk:** Credential exposure if code is leaked
**Fix:** Move to environment variable or Secret Manager

### 2. SQL Injection Vulnerability

**File:** `backend/app/api/users.py:45`
**Issue:** Unsanitized user input in SQL query
**Risk:** Database compromise
**Fix:** Use parameterized queries
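The report above is illustrative; to make the scan step concrete, here is an added example (not the skill's own code) of a minimal static check that flags the two findings shown, a hardcoded API key and string-built SQL, and renders them in the same report layout. The file contents, rule patterns and the `Finding` class are constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed stand-ins for backend/app/config.py and backend/app/api/users.py
SAMPLE_FILES = {
    "backend/app/config.py": 'APP_NAME = "demo"\nAPI_KEY = "sk-live-EXAMPLE0000"\n',
    "backend/app/api/users.py": (
        "def get_user(db, name):\n"
        '    return db.execute(f"SELECT * FROM users WHERE name = \'{name}\'")\n'
        "def get_user_safe(db, name):\n"
        '    return db.execute("SELECT * FROM users WHERE name = ?", (name,))\n'
    ),
}

@dataclass
class Finding:
    severity: str
    title: str
    path: str
    line: int
    fix: str

# Hypothetical rules: (pattern, severity, title, fix). A real scanner carries many more.
RULES = [
    # a secret-looking name assigned a string literal of 8+ characters
    (re.compile(r'(?i)\b(api_key|password|secret|token)\s*=\s*["\'][^"\']{8,}["\']'),
     "Critical", "Hardcoded API Key Detected", "Move to environment variable or Secret Manager"),
    # execute() fed an f-string, or a literal joined with + or % (SQL built from strings)
    (re.compile(r'\.execute\(\s*(f["\']|["\'][^"\']*["\']\s*[+%])'),
     "Critical", "SQL Injection Vulnerability", "Use parameterized queries"),
]
SEVERITIES = ("Critical", "High", "Medium", "Low")

def scan(files):
    """Run every rule over every line of every file; return findings sorted by severity."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for pattern, sev, title, fix in RULES:
                if pattern.search(line):
                    findings.append(Finding(sev, title, path, lineno, fix))
    return sorted(findings, key=lambda f: SEVERITIES.index(f.severity))

def report(findings):
    """Render findings in the skill's report layout: summary counts, then one section each."""
    lines = ["# Security Audit Report", "", "## Summary"]
    lines += [f"- {s}: {sum(1 for f in findings if f.severity == s)}" for s in SEVERITIES]
    for i, f in enumerate(findings, 1):
        lines += ["", f"### {i}. {f.title}", f"**File:** `{f.path}:{f.line}`", f"**Fix:** {f.fix}"]
    return "\n".join(lines)
```

Note that `get_user_safe`, which passes the value as a bound parameter, is not flagged; pattern rules like these only catch the obvious shapes, which is why the skill defers deep scanning to dedicated tools.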

Configuration

No configuration required. The skill automatically:

  • Detects project type (Python, Node.js, Go, etc.)
  • Selects appropriate scanners
  • Adapts to codebase structure

Limitations

  • Does not execute actual security testing tools (Bandit, OWASP ZAP)
  • Provides static analysis recommendations only
  • Requires user to run suggested tools for deep scanning

Related Skills

  • security-analyst - Deep security architecture review
  • project-health-checker - Overall project health validation
  • dependency-updater - Automated dependency updates