Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Security Audit

Skill Verifiziert Aktiv
Teil von:Swe Skills

Audits a repository, workspace, or monorepo for dependency vulnerabilities, outdated security-sensitive packages, license issues, and dependency hygiene gaps, then compiles one evidence-backed report. Use when a user says `run a security audit`, `check dependencies and licenses`, `audit this monorepo for vulnerable packages`, or asks for a package-level security review. Do NOT use for a general secure-code review, threat model, or speculative vulnerability hunt without manifests, lockfiles, or package surfaces to inspect.

Zweck

To provide a thorough, evidence-based security audit of a repository's dependencies and licenses, helping users identify and address potential risks.

Funktionen

  • Audits for dependency vulnerabilities
  • Identifies outdated security-sensitive packages
  • Checks for license issues
  • Detects dependency hygiene gaps
  • Compiles a consolidated, evidence-backed report

Anwendungsfälle

  • Audit a repository or monorepo for vulnerable packages
  • Check dependency freshness and license risk
  • Review package surfaces service by service
  • Produce a consolidated dependency-security report

Nicht-Ziele

  • Broad application code review
  • Threat modeling
  • Hand-auditing runtime bugs unrelated to dependencies
  • Guessing about security posture without manifests or lockfiles

Installation

/plugin install swe-skills@ckorhonen-swe-skills

Qualitätspunktzahl

Verifiziert
98 /100
Analysiert 1 day ago

Vertrauenssignale

Letzter Commit5 days ago
GitHub-Inhaber ckorhonen (opens in new tab)
Sterne1
LizenzMIT
Websitecdd.dev(opens in new tab)
Status
Quellcode ansehen

Ähnliche Erweiterungen

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Skill
alirezarezvani

TradeMemory Protocol

100

Domänenwissen für die Evolution Engine — LLM-gestützte autonome Strategieentdeckung aus rohen OHLCV-Daten. Behandelt die Schleife Generieren-Backtesten-Auswählen-Entwickeln, vektorisiertes Backtesting, Out-of-Sample-Validierung und Strategiegraduierung. Verwenden Sie es beim Entdecken von Handelspatterns, Ausführen von Backtests, Entwickeln von Strategien oder Überprüfen von Evolutionsprotokollen. Löst aus bei "evolve", "discover patterns", "backtest", "evolution", "strategy generation", "candidate strategy".

Skill
mnemox-ai

Gdpr Dsgvo Expert

100

GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.

Skill
alirezarezvani

Refactor Plan

100

Prioritized redesign action plan covering quick wins, medium effort, major rework

Skill
Aboudjem

Type Audit

100

Typography-only audit covering font selection, type scale, readability, hierarchy, performance

Skill
Aboudjem

Component Audit

100

Component consistency audit covering state coverage, hierarchy, patterns

Skill
Aboudjem