claude skill security auditor
Security Auditor
A Claude Code skill for running structured security audits with actionable remediation plans.
Installation
As a Claude Code Skill
# Clone to your Claude skills directory
git clone https://github.com/wrsmith108/claude-skill-security-auditor.git ~/.claude/skills/security-auditor
Standalone Usage
npx tsx scripts/index.ts [options]
Trigger Phrases
This skill activates when you mention:
- "npm audit"
- "security vulnerability"
- "dependency vulnerability"
- "CVE"
- "security check"
- "audit dependencies"
- "check vulnerabilities"
Capabilities
- Execute npm audit --json and parse structured output
- Classify vulnerabilities by severity (critical, high, medium, low)
- Extract CVE identifiers, affected versions, and fix versions
- Distinguish direct vs transitive dependencies
- Generate markdown reports with remediation commands
- Support risk acceptance via security-exceptions.json
- Provide CI-friendly exit codes
Usage
Basic Audit
npx tsx scripts/index.ts
JSON Output
npx tsx scripts/index.ts --json
Fail on High+ Severity (for CI)
npx tsx scripts/index.ts --fail-on high
Fail on Critical Only
npx tsx scripts/index.ts --fail-on critical
Audit a Specific Project
npx tsx scripts/index.ts --cwd /path/to/project
Risk Acceptance
Create a security-exceptions.json file in your project root to accept known risks:
{
  "exceptions": [
    {
      "id": "GHSA-xxxx-xxxx-xxxx",
      "reason": "Not exploitable in our usage context",
      "expires": "2025-06-01",
      "approvedBy": "security-team"
    }
  ]
}
Accepted vulnerabilities are tracked separately in the report.
Output Format
The skill generates a markdown report with:
- Summary table by severity
- Detailed breakdown of high+ severity issues
- Transitive dependency analysis
- Copy-paste remediation commands
- List of accepted risks (if any)
Exit Codes
| Code | Meaning |
|------|---------|
| 0 | No vulnerabilities above threshold |
| 1 | Vulnerabilities found above threshold (with --fail-on) |
| 2 | Error running audit |
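How risk acceptance and the --fail-on threshold can combine into the exit code, as an added example that is not the skill's own code. It assumes the npm 7+ audit report shape, that an exception stops suppressing a finding once its expires date has passed, and that accepted findings do not count toward the threshold; all type and function names are hypothetical.

```typescript
// Added example: not the skill's own code. Type and function names are hypothetical.
type Severity = "info" | "low" | "moderate" | "high" | "critical";
const RANK: Record<Severity, number> = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

interface Advisory { url: string; severity: Severity }
interface AuditReport {
  vulnerabilities: Record<string, { isDirect: boolean; via: Array<Advisory | string> }>;
}
interface RiskException { id: string; reason: string; expires: string; approvedBy: string }
interface Finding { pkg: string; id: string; severity: Severity; direct: boolean }

// Flatten npm's per-package entries into one finding per advisory.
// String entries in `via` name another vulnerable package (a transitive chain), not an advisory.
function findings(report: AuditReport): Finding[] {
  const out: Finding[] = [];
  for (const [pkg, v] of Object.entries(report.vulnerabilities)) {
    for (const via of v.via) {
      if (typeof via === "string") continue;
      const id = via.url.split("/").pop() ?? via.url; // advisory URLs end in the GHSA id
      out.push({ pkg, id, severity: via.severity, direct: v.isDirect });
    }
  }
  return out;
}

// Assumption: an exception suppresses a finding only until its `expires` date has passed.
// ISO YYYY-MM-DD dates compare correctly as plain strings.
function gate(report: AuditReport, exceptions: RiskException[], failOn: Severity, today: string) {
  const live = new Set(exceptions.filter(e => e.expires >= today).map(e => e.id));
  const all = findings(report);
  const accepted = all.filter(f => live.has(f.id));
  const blocking = all.filter(f => !live.has(f.id) && RANK[f.severity] >= RANK[failOn]);
  return { exitCode: blocking.length > 0 ? 1 : 0, blocking, accepted };
}

// Constructed sample in the shape of `npm audit --json`; package names and GHSA ids are made up.
const sampleReport: AuditReport = {
  vulnerabilities: {
    "pkg-a": { isDirect: true, via: [{ url: "https://github.com/advisories/GHSA-aaaa-aaaa-aaaa", severity: "high" }] },
    "pkg-b": { isDirect: false, via: [{ url: "https://github.com/advisories/GHSA-bbbb-bbbb-bbbb", severity: "critical" }] },
    "pkg-c": { isDirect: true, via: ["pkg-b"] },
  },
};
const sampleExceptions: RiskException[] = [
  { id: "GHSA-aaaa-aaaa-aaaa", reason: "Not exploitable in our usage context", expires: "2025-06-01", approvedBy: "security-team" },
];
```

With the sample data, the accepted high finding is reported separately while the exception is live, and returns to the blocking set once today is later than 2025-06-01.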
CI Integration
- name: Security Audit
  run: npx tsx scripts/index.ts --fail-on high
Requirements
- Node.js and npm installed
- Valid package.json in target directory
- Optional: package-lock.json for accurate audit
Changelog
1.0.1 (2026-02-10)
- Fixed: Replaced hardcoded ~/.claude/skills/ paths with relative paths for portability across different install locations
License
MIT
Related Skills
- ci-doctor - Diagnose CI/CD pipeline issues
- version-sync - Sync Node.js versions
- flaky-test-detector - Detect flaky tests
- docker-optimizer - Optimize Dockerfiles