claude skill security auditor
Claude Code skill for running structured security audits with actionable remediation plans
Security Auditor
A Claude Code skill for running structured security audits with actionable remediation plans.
Installation
As a Claude Code Skill
# Clone to your Claude skills directory
git clone https://github.com/wrsmith108/claude-skill-security-auditor.git ~/.claude/skills/security-auditor
Standalone Usage
npx tsx scripts/index.ts [options]
Trigger Phrases
This skill activates when you mention:
- "npm audit"
- "security vulnerability"
- "dependency vulnerability"
- "CVE"
- "security check"
- "audit dependencies"
- "check vulnerabilities"
Capabilities
- Execute npm audit --json and parse structured output
- Classify vulnerabilities by severity (critical, high, medium, low)
- Extract CVE identifiers, affected versions, and fix versions
- Distinguish direct vs transitive dependencies
- Generate markdown reports with remediation commands
- Support risk acceptance via security-exceptions.json
- Provide CI-friendly exit codes
Usage
Basic Audit
npx tsx scripts/index.ts
JSON Output
npx tsx scripts/index.ts --json
Fail on High+ Severity (for CI)
npx tsx scripts/index.ts --fail-on high
Fail on Critical Only
npx tsx scripts/index.ts --fail-on critical
Audit a Specific Project
npx tsx scripts/index.ts --cwd /path/to/project
Risk Acceptance
Create a security-exceptions.json file in your project root to accept known risks:
{
  "exceptions": [
    {
      "id": "GHSA-xxxx-xxxx-xxxx",
      "reason": "Not exploitable in our usage context",
      "expires": "2025-06-01",
      "approvedBy": "security-team"
    }
  ]
}
Accepted vulnerabilities are tracked separately in the report.
Output Format
The skill generates a markdown report with:
- Summary table by severity
- Detailed breakdown of high+ severity issues
- Transitive dependency analysis
- Copy-paste remediation commands
- List of accepted risks (if any)
Exit Codes
| Code | Meaning |
|------|---------|
| 0 | No vulnerabilities above threshold |
| 1 | Vulnerabilities found above threshold (with --fail-on) |
| 2 | Error running audit |
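One way the risk-acceptance file and the 0/1 exit codes above can fit together, as an added example that is not the skill's own code. The `Finding` shape, the `triage` function and the rule that an exception stops applying after its `expires` date are assumptions; exit code 2 (audit error) is out of scope here.

```typescript
// Added example, not the skill's code. Exception fields follow the
// sample on this page; all other names here are hypothetical.
type Severity = "low" | "medium" | "high" | "critical";
interface Finding { id: string; pkg: string; severity: Severity }
interface RiskException { id: string; reason: string; expires: string; approvedBy: string }

const RANK: Record<Severity, number> = { low: 0, medium: 1, high: 2, critical: 3 };

// Assumption: an exception is honoured through the end of its "expires" day (UTC).
// A malformed date parses to NaN and is treated as expired, so it fails closed.
function isActive(ex: RiskException, today: Date): boolean {
  const expires = new Date(`${ex.expires}T23:59:59Z`).getTime();
  return !Number.isNaN(expires) && today.getTime() <= expires;
}

interface Triage { accepted: Finding[]; open: Finding[]; exitCode: 0 | 1 }

function triage(
  findings: Finding[], exceptions: RiskException[], failOn: Severity | null, today: Date,
): Triage {
  const activeIds = new Set(exceptions.filter((e) => isActive(e, today)).map((e) => e.id));
  const accepted = findings.filter((f) => activeIds.has(f.id));
  const open = findings.filter((f) => !activeIds.has(f.id));
  // Exit 1 only when a threshold is set and an unaccepted finding meets it.
  const threshold = failOn === null ? Infinity : RANK[failOn];
  const failing = open.some((f) => RANK[f.severity] >= threshold);
  return { accepted, open, exitCode: failing ? 1 : 0 };
}

// Constructed sample data; advisory ids and package names are placeholders.
const sampleFindings: Finding[] = [
  { id: "GHSA-aaaa-aaaa-aaaa", pkg: "example-parser", severity: "high" },
  { id: "GHSA-bbbb-bbbb-bbbb", pkg: "example-logger", severity: "medium" },
];
const sampleExceptions: RiskException[] = [
  { id: "GHSA-aaaa-aaaa-aaaa", reason: "Not exploitable in our usage context",
    expires: "2025-06-01", approvedBy: "security-team" },
];

const before = triage(sampleFindings, sampleExceptions, "high", new Date("2025-05-01T00:00:00Z"));
const after = triage(sampleFindings, sampleExceptions, "high", new Date("2025-07-01T00:00:00Z"));
console.log(before.exitCode, after.exitCode); // 0 while accepted, 1 after expiry
```

Passing the date in as a parameter keeps the expiry behaviour testable, and the same high-severity finding that passes CI in May fails it in July once the acceptance lapses.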
CI Integration
- name: Security Audit
  run: npx tsx scripts/index.ts --fail-on high
Requirements
- Node.js and npm installed
- Valid package.json in target directory
- Optional: package-lock.json for accurate audit
Changelog
1.0.1 (2026-02-10)
- Fixed: Replaced hardcoded ~/.claude/skills/ paths with relative paths for portability across different install locations
License
MIT
Related Skills
- ci-doctor - Diagnose CI/CD pipeline issues
- version-sync - Sync Node.js versions
- flaky-test-detector - Detect flaky tests
- docker-optimizer - Optimize Dockerfiles