What It Checks
OWASP Top 10
- SQL injection and command injection
- Cross-site scripting (XSS)
- Broken authentication and session management
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Missing access controls
- Cross-site request forgery (CSRF)

Dependency Security
- Known CVEs in npm/pip/cargo/go dependencies
- Outdated packages with security patches available
- License compliance issues
- Supply chain risks

Secrets & Configuration
- API keys, tokens, and passwords in code
- Hardcoded credentials in config files
- Insecure default configurations
- Secrets and settings that should be read from environment variables but are not

Infrastructure
- Docker security best practices
- CI/CD pipeline security
- Network configuration review
- Encryption at rest and in transit

Example Usage
You: Run a security audit on the auth/ and api/ directories before we deploy
Claude: [Activates security-auditor agent]
- Scans for injection vulnerabilities
- Checks authentication flow
- Reviews dependency versions
- Reports findings with severity ratings and fix suggestions
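The kind of check the audit runs over auth/ and api/, shown as an added illustration rather than the agent's own code: a small regex-based scan over constructed sample source lines that flags hardcoded credentials and string-built SQL and shell commands, then reports each hit with a severity and a fix suggestion. The file names, rule names and severity labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample source lines standing in for files under auth/ and api/.
SAMPLE_FILES = {
    "auth/login.py": [
        'API_KEY = "sk_live_0123456789abcdef0123456789abcdef"',  # hardcoded
        'password = "hunter2"',                                   # hardcoded
        'db_pass = os.environ["DB_PASSWORD"]',                    # safe
    ],
    "api/users.py": [
        'cursor.execute("SELECT * FROM users WHERE id = " + user_id)',   # SQLi
        'cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))',  # safe
        'subprocess.run("ls " + path, shell=True)',                      # cmd injection
    ],
}

@dataclass
class Finding:
    path: str
    line: int
    severity: str
    rule: str
    fix: str

# (rule name, pattern, severity, fix suggestion). Patterns are kept narrow so the
# safe lines above are not flagged; a real auditor would use many more rules.
RULES = [
    ("hardcoded-secret",
     re.compile(r'(?i)\b(api_key|secret|token|password|passwd)\w*\s*=\s*["\'][^"\']{4,}["\']'),
     "HIGH", "Load the value from an environment variable or a secret manager."),
    ("sql-string-concat",
     re.compile(r'execute\(\s*["\'][^"\']*["\']\s*\+'),
     "CRITICAL", "Use a parameterised query instead of string concatenation."),
    ("shell-command-concat",
     re.compile(r'subprocess\.\w+\(\s*["\'][^"\']*["\']\s*\+[^)]*shell=True'),
     "CRITICAL", "Pass an argument list and drop shell=True."),
]

def audit(files):
    """Return one Finding per (line, rule) match across all files."""
    findings = []
    for path, lines in files.items():
        for lineno, line in enumerate(lines, start=1):
            for name, pattern, severity, fix in RULES:
                if pattern.search(line):
                    findings.append(Finding(path, lineno, severity, name, fix))
    return findings

def report(findings):
    """Print findings, most severe first, in the style of the agent's summary."""
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
    for f in sorted(findings, key=lambda f: order[f.severity]):
        print(f"[{f.severity}] {f.path}:{f.line} {f.rule}: {f.fix}")

if __name__ == "__main__":
    report(audit(SAMPLE_FILES))
```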