Skill Security Auditor

OWASP-mapped code/secrets/config audit with working bundled scan scripts

Tested · Works

Test report

Verdict
Tested · Works
Score
9.6/10
Tested
Jul 10, 2026
Environment
Claude Code 2.x (agent harness)
Upstream re-checked
Jul 18, 2026 · c4be651

Run against a 13-line file with SQL injection, command injection and a hardcoded API key, its scripts caught all three plus a missing .gitignore issue that a manual review missed.

Scored on four weighted criteria — install, triggering, output vs. baseline, docs. How scoring works

  • Installs cleanly 5/5
  • Triggers reliably 5/5
  • Output vs. baseline 9/10
  • Docs & honesty 5/5

What Skill Security Auditor does

Runs a structured security audit workflow over source code, dependencies, and configs: secrets detection, OWASP Top 10 vulnerability scanning with language-specific examples (Python/JS/Go), dependency CVE checks, and a standard report template. Trigger on requests to audit, scan for vulnerabilities, find secrets, or review code/config security.

How to install Skill Security Auditor

git clone https://github.com/eigent-ai/eigent
cd eigent
mkdir -p ~/.claude/skills
cp -r resources/example-skills/skill-security-auditor ~/.claude/skills/skill-security-auditor

Skills live in ~/.claude/skills/ (global) or .claude/skills/ (per-project). Restart Claude Code after installing.

Commands — how to trigger Skill Security Auditor

  • /skill-security-auditor OWASP-mapped code/secrets/config audit with working bundled scan scripts

It also activates on plain-language prompts like these:

  • Audit this codebase for hardcoded secrets and OWASP Top 10 issues
  • Scan our dependencies for known CVEs and generate a report
  • Review this config for security vulnerabilities before deploy

Frequently asked questions

Is the Skill Security Auditor skill free?
Yes. The skill itself is free from eigent-ai/eigent. SkillProof publishes the install command and an independent test verdict at no cost.
Does Skill Security Auditor work with Claude Code?
We tested it with Claude Code 2.x (agent harness) on Jul 10, 2026. Verdict: Tested · Works. Run against a 13-line file with SQL injection, command injection and a hardcoded API key, its scripts caught all three plus a missing .gitignore issue that a manual review missed.
What is the Skill Security Auditor SkillProof Score?
9.6/10 — installs cleanly 5/5, triggers reliably 5/5, output vs. baseline 9/10, docs & honesty 5/5.
How do I install Skill Security Auditor?
Copy the install command from this page, run it in your terminal, and restart Claude Code. Skills live in ~/.claude/skills/ (global) or .claude/skills/ inside a project.
Can I use Skill Security Auditor with Cursor, Copilot, Gemini CLI, Codex or other AI tools?
The SKILL.md format is native to Claude (Claude Code, Desktop, claude.ai). The instructions inside adapt to other assistants: Cursor rules, GitHub Copilot instructions, Windsurf rules, Custom GPTs, AGENTS.md for OpenAI Codex, and GEMINI.md for Google Gemini CLI — our conversion guides cover each, and the free converter on the tools page does the wrapping for you.