# Claude Code Agent: Security Auditor — OWASP & Dependency Scan

> Claude Code agent that audits your codebase for OWASP top 10 vulnerabilities, dependency issues, and security anti-patterns.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

## Quick Use

```bash
npx claude-code-templates@latest --agent security/security-auditor --yes
```

---

## Intro

A security-focused Claude Code agent that audits your codebase for vulnerabilities. Checks OWASP top 10, scans dependencies for known CVEs, detects leaked secrets, and verifies compliance with security best practices. Run it before deployments or on a regular schedule to catch issues early.

**Works with**: Claude Code, GitHub Copilot

---

## What It Checks

### OWASP Top 10

- SQL injection and command injection
- Cross-site scripting (XSS)
- Broken authentication and session management
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Missing access controls
- Cross-site request forgery (CSRF)

### Dependency Security

- Known CVEs in npm/pip/cargo/go dependencies
- Outdated packages with security patches available
- License compliance issues
- Supply chain risks

### Secrets & Configuration

- API keys, tokens, and passwords in code
- Hardcoded credentials in config files
- Insecure default configurations
- Missing environment variable usage

### Infrastructure

- Docker security best practices
- CI/CD pipeline security
- Network configuration review
- Encryption at rest and in transit

## Example Usage

```
You: Run a security audit on the auth/ and api/ directories before we deploy

Claude: [Activates security-auditor agent]
- Scans for injection vulnerabilities
- Checks authentication flow
- Reviews dependency versions
- Reports findings with severity ratings and fix suggestions
```

---

### FAQ

**Q: What is Claude Code Agent: Security Auditor?**

A: Claude Code agent that audits your codebase for OWASP top 10 vulnerabilities, dependency issues, and security anti-patterns.

**Q: How do I install Claude Code Agent: Security Auditor?**

A: Check the Quick Use section above for step-by-step installation instructions. Most assets can be set up in under 2 minutes.

## Source & Thanks

> Created by [Claude Code Templates](https://github.com/davila7/claude-code-templates) by davila7. Licensed under MIT.
>
> Install: `npx claude-code-templates@latest --agent security/security-auditor --yes`

---

Source: https://tokrepo.com/en/workflows/8929b029-3698-48c9-83e7-b4816331d316

Author: Skill Factory