Skill Security Auditor
OWASP-mapped code/secrets/config audit with working bundled scan scripts
Test report
- Verdict
- Tested · Works
- Score
- Tested
- Jul 10, 2026
- Environment
- Claude Code 2.x (agent harness)
- Upstream re-checked
- Jul 18, 2026 · c4be651
Run against a 13-line file with SQL injection, command injection and a hardcoded API key, its scripts caught all three plus a missing .gitignore issue that a manual review missed.
Scored on four weighted criteria — install, triggering, output vs. baseline, docs. How scoring works
- Installs cleanly 5/5
- Triggers reliably 5/5
- Output vs. baseline 9/10
- Docs & honesty 5/5
What Skill Security Auditor does
Runs a structured security audit workflow over source code, dependencies, and configs: secrets detection, OWASP Top 10 vulnerability scanning with language-specific examples (Python/JS/Go), dependency CVE checks, and a standard report template. Trigger on requests to audit, scan for vulnerabilities, find secrets, or review code/config security.
How to install Skill Security Auditor
git clone https://github.com/eigent-ai/eigent
cd eigent
mkdir -p ~/.claude/skills
cp -r resources/example-skills/skill-security-auditor ~/.claude/skills/skill-security-auditor
Skills live in ~/.claude/skills/ (global) or .claude/skills/
(per-project). Restart Claude Code after installing.
Commands — how to trigger Skill Security Auditor
-
/skill-security-auditorOWASP-mapped code/secrets/config audit with working bundled scan scripts
It also activates on plain-language prompts like these:
-
Audit this codebase for hardcoded secrets and OWASP Top 10 issues -
Scan our dependencies for known CVEs and generate a report -
Review this config for security vulnerabilities before deploy
Frequently asked questions
- Is the Skill Security Auditor skill free?
- Yes. The skill itself is free from eigent-ai/eigent. SkillProof publishes the install command and an independent test verdict at no cost.
- Does Skill Security Auditor work with Claude Code?
- We tested it with Claude Code 2.x (agent harness) on Jul 10, 2026. Verdict: Tested · Works. Run against a 13-line file with SQL injection, command injection and a hardcoded API key, its scripts caught all three plus a missing .gitignore issue that a manual review missed.
- What is the Skill Security Auditor SkillProof Score?
- 9.6/10 — installs cleanly 5/5, triggers reliably 5/5, output vs. baseline 9/10, docs & honesty 5/5.
- How do I install Skill Security Auditor?
- Copy the install command from this page, run it in your terminal, and restart Claude Code. Skills live in ~/.claude/skills/ (global) or .claude/skills/ inside a project.
- Can I use Skill Security Auditor with Cursor, Copilot, Gemini CLI, Codex or other AI tools?
- The SKILL.md format is native to Claude (Claude Code, Desktop, claude.ai). The instructions inside adapt to other assistants: Cursor rules, GitHub Copilot instructions, Windsurf rules, Custom GPTs, AGENTS.md for OpenAI Codex, and GEMINI.md for Google Gemini CLI — our conversion guides cover each, and the free converter on the tools page does the wrapping for you.