Full-stack security audit skill for AI coding agents. OWASP WSTG testing + infrastructure, deployment, and privacy checks. Works with Claude Code, Codex, Cursor, Gemini CLI, Copilot.
# OC Security Audit -- OWASP-grounded pre-launch security audit for web apps

*Dedicated to [Ohad Cohen](https://cohenron09.wixsite.com/boodi), a brave Israeli soldier who gave his life protecting Kibbutz Be'eri on October 7, 2023.*

## Install

```bash
/plugin marketplace add miclivne/oc-security-audit
/plugin install oc-security-audit
```

Then run in any project:

```bash
/oc-security-audit
```

or just ask: "run a security audit on this project"

## What it checks

14 categories mapped to OWASP standards. Each answers a plain-language security question:

| # | Category | User question answered | OWASP source |
|---|----------|----------------------|--------------|
| 1 | DDoS / API abuse | Can someone take my app down or run up my bill? | API4:2023, WSTG-DOS |
| 2 | Hosting bypass | Can someone bypass my security layer? | WSTG-CONF-01, CONF-10 |
| 3 | User data exposure | Can someone see data they shouldn't? | API3:2023, ASVS V14 |
| 4 | Broken access control (IDOR) | Can someone access other users' data? | API1:2023, A01:2025 |
| 5 | Code injection (safety net) | Is code safe from injection? | A05:2025, WSTG-INPV |
| 6 | Supply chain | Are dependencies safe? | A03:2025 |
| 7 | Session / auth security | Can someone steal a session? | A07:2025, WSTG-SESS |
| 8 | Secret leakage | Are secrets exposed? | WSTG-CONF-04, CONF-09 |
| 9 | SSRF | Can server be tricked to fetch internal resources? | A01:2025 |
| 10 | AI/LLM risks | Is AI integration leaking user data? | LLM Top 10 2025 |
| 11 | Infrastructure config | Is production configured securely? | A02:2025, WSTG-CONF |
| 12 | Privacy / legal | Am I legally covered for user data? | ASVS V14, GDPR |
| 13 | Error handling | Does the app fail securely? | A10:2025 |
| 14 | Logging & monitoring | Will I know if someone is attacking? | A09:2025 |

## How it works

The audit runs in 6 steps with progress indicators:

```
Step 1: DISCOVER Step 2: SELECT TESTS Step 3: SCAN
[shell script] [shel
```
Agent that generates comprehensive documentation, API references, architecture diagrams, and developer onboarding guides from existing code.
Agent configuration for systematic bug investigation that traces issues from error logs through the codebase to root cause with suggested fixes.
Agent for integrating third-party APIs including SDK setup, type generation, error handling, retry logic, and rate limit management.
Cursor's built-in autonomous coding agent that can make multi-file edits, run terminal commands, search the codebase, and iteratively build features with minimal human intervention.
Cloud-based autonomous coding agent that runs in the background on remote sandboxed environments, handling complex multi-step tasks while you continue working.
Cursor's multi-file editing agent within Composer mode that can create, edit, and delete files across your entire project in a single conversation.