Security Audit
技能 已验证 活跃Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement. Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration. Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.
To empower developers and security teams by providing automated, in-depth security scanning of codebases, identifying vulnerabilities, and enforcing secure coding patterns to mitigate risks.
功能
- Comprehensive security scanning pipeline
- Input validation and path traversal checks
- CVE detection and dependency scanning
- SQL injection and XSS vulnerability detection
- Hardcoded secret validation
- Security audit report generation
使用场景
- Use when implementing authentication or authorization logic.
- Use when handling sensitive user data or payment processing.
- Use when creating API endpoints or integrating external services.
- Use when reviewing code for potential security vulnerabilities before deployment.
非目标
- Skip when performing read-only operations on public data.
- Skip when used for internal development tooling unrelated to security.
- Skip when dealing with static documentation or styling changes.
- Skip when the task is not security-related.
安装
npx skills add ruvnet/ruflo通过 npx 运行 Vercel skills CLI(skills.sh)— 需要本地安装 Node.js,以及至少一个兼容 skills 的智能体(Claude Code、Cursor、Codex 等)。前提是仓库遵循 agentskills.io 格式。
质量评分
已验证类似扩展
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Fixflow
100使用严格的交付工作流执行编码任务:构建完整计划、分步实现、持续运行测试,并默认在每一步 (`per_step`) 后提交。当用户要求行为驱动交付或需求不明确时,支持显式提交策略覆盖 (`final_only`, `milestone`) 和可选的 BDD(给定/当/则)。
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Security Scan
99Run full security scans on the codebase using Ruflo security tools
Skill Security Auditor
95Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".