Security Audit
技能 已验证 活跃Audits a repository, workspace, or monorepo for dependency vulnerabilities, outdated security-sensitive packages, license issues, and dependency hygiene gaps, then compiles one evidence-backed report. Use when a user says `run a security audit`, `check dependencies and licenses`, `audit this monorepo for vulnerable packages`, or asks for a package-level security review. Do NOT use for a general secure-code review, threat model, or speculative vulnerability hunt without manifests, lockfiles, or package surfaces to inspect.
To provide a thorough, evidence-based security audit of a repository's dependencies and licenses, helping users identify and address potential risks.
功能
- Audits for dependency vulnerabilities
- Identifies outdated security-sensitive packages
- Checks for license issues
- Detects dependency hygiene gaps
- Compiles a consolidated, evidence-backed report
使用场景
- Audit a repository or monorepo for vulnerable packages
- Check dependency freshness and license risk
- Review package surfaces service by service
- Produce a consolidated dependency-security report
非目标
- Broad application code review
- Threat modeling
- Hand-auditing runtime bugs unrelated to dependencies
- Guessing about security posture without manifests or lockfiles
安装
/plugin install swe-skills@ckorhonen-swe-skills质量评分
已验证类似扩展
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
TradeMemory Protocol
100Evolution Engine 的领域知识 — 支持 LLM 从原始 OHLCV 数据中自主发现策略。涵盖生成-回测-选择-进化循环、向量化回测、样本外验证和策略梯度。在发现交易模式、运行回测、进化策略或审查进化日志时使用。由“evolve”、“discover patterns”、“backtest”、“evolution”、“strategy generation”、“candidate strategy”触发。
Gdpr Dsgvo Expert
100GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.
Refactor Plan
100Prioritized redesign action plan covering quick wins, medium effort, major rework
Type Audit
100Typography-only audit covering font selection, type scale, readability, hierarchy, performance
Component Audit
100Component consistency audit covering state coverage, hierarchy, patterns