security-auditor

Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings, API keys), SAST for injection/XSS vulnerabilities, and security posture reports. Activate on 'security audit', 'vulnerability scan', 'OWASP', 'secret detection', 'dependency check', 'CVE', 'security review', 'penetration testing prep'. NOT for runtime WAF configuration (use infrastructure tools), network security/firewalls, or compliance certifications like SOC2/HIPAA (legal/organizational).

Code Quality & Testing

#security#owasp#vulnerabilities#sast#dependencies

Allowed Tools

ReadWriteEditBash(npm audit:*pip-audit:*grep:*find:*)GrepGlob

Pairs With

devops-automator

Secure deployment pipelines

mcp-creator

Secure MCP server development

Share this skill

Twitter LinkedIn

⚡

Coming in Spring 2026 Beta

WinDAGs will match this skill automatically. Then ask:

"Use security-auditor to help me build..."

Request Early Access