security-audit

Name: security-audit
Author: YangKuoshih

YangKuoshih March 9, 2026

3 copies 0 downloads

Universal security scanning skill for AI agents - finds hardcoded secrets, API keys, and vulnerabilities in any codebase. 44 patterns validated against GitLeaks, OWASP Top 10 mapping, Markdown/SARIF/JSON reports. Works across Claude Code, Cursor, Windsurf, and any agentic platform.

Agent Definition

<div align="center">

<picture>
  <source media="(prefers-color-scheme: dark)" srcset="assets/header-dark.svg">
  <img alt="security-audit — Find secrets before attackers do." src="assets/header.svg" width="680">
</picture>

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)
[![Tests](https://img.shields.io/badge/tests-83%20passing-brightgreen.svg)](#testing)
[![Patterns](https://img.shields.io/badge/patterns-60%20rules-orange.svg)](skills/security-audit/scripts/patterns.dat)

</div>

---

## Why

Every leaked secret starts the same way — a key hardcoded "just for testing" that makes it to production. Existing tools catch some of these, but they're standalone binaries that don't understand your code's context.

**security-audit** combines deterministic pattern scanning with LLM-powered reasoning. The scanner finds candidates fast. The AI filters false positives, understands context, and writes remediation steps tailored to your stack.

## What It Catches

<table>
<tr>
<td width="50%">

**Secrets** — 50 patterns validated against [GitLeaks](https://github.com/gitleaks/gitleaks)

- AWS, GCP, Azure credentials
- GitHub, GitLab, Slack tokens
- Stripe, Twilio, SendGrid API keys
- Database connection strings
- Private keys (RSA, SSH, PGP)
- OpenAI, Heroku, NPM, PyPI tokens
- DigitalOcean, HashiCorp Vault, Terraform Cloud
- Grafana, Shopify, Anthropic, Docker Hub
- JWT tokens and signing secrets
- High-entropy strings (charset-aware: hex, base64, generic)

</td>
<td width="50%">

**Vulnerabilities** — 15 patterns mapped to [OWASP Top 10](https://owasp.org/Top10/)

- SQL injection sinks
- XSS vectors (innerHTML, dangerouslySetInnerHTML)
- Command injection
- Server-side request forgery (SSRF)
- Insecure deserialization (pickle, yaml.load)
- Weak cryptography (MD5, SHA1, DES)
- Disabled SSL verification
- Debug mode in production

</td>
</tr>
<tr>
<td colspan="2">

**Dangerous File Types** — 15 file patterns checked via `git ls-files`

Files that

Comments

More Agents

View all

documentation

Documentation & Onboarding Agent

Agent that generates comprehensive documentation, API references, architecture diagrams, and developer onboarding guides from existing code.

Community

debugging

Cursor Bug Triage Agent

Agent configuration for systematic bug investigation that traces issues from error logs through the codebase to root cause with suggested fixes.

Community

api

API Integration Agent

Agent for integrating third-party APIs including SDK setup, type generation, error handling, retry logic, and rate limit management.

Community

coding

Cursor Agent Mode

Cursor's built-in autonomous coding agent that can make multi-file edits, run terminal commands, search the codebase, and iteratively build features with minimal human intervention.

Cursor Team

cloud

Cursor Background Agent

Cloud-based autonomous coding agent that runs in the background on remote sandboxed environments, handling complex multi-step tasks while you continue working.

Cursor Team

composer

Cursor Composer Agent

Cursor's multi-file editing agent within Composer mode that can create, edit, and delete files across your entire project in a single conversation.

Cursor Team

security-audit

Tags

Comments

More Agents

Documentation & Onboarding Agent

Cursor Bug Triage Agent

API Integration Agent

Cursor Agent Mode

Cursor Background Agent

Cursor Composer Agent