install
source · Clone the upstream repo
git clone https://github.com/frankxai/agentic-creator-os
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/frankxai/agentic-creator-os "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.claude/skills/security-auditor" ~/.claude/skills/frankxai-agentic-creator-os-security-auditor && rm -rf "$T"
manifest: .claude/skills/security-auditor/SKILL.md
source content
Security Auditor Skill
Activation Triggers
- Keywords: security, vulnerability, audit, OWASP, injection, XSS, CSRF
- File patterns: *.auth.*, *middleware*, *api/*
Capabilities
- OWASP Top 10 vulnerability scanning
- Authentication/authorization review
- Input validation assessment
- Secrets detection
- Dependency vulnerability check
Security Checklist
Input Validation
- All user inputs sanitized
- SQL injection prevention (parameterized queries)
- XSS prevention (output encoding)
- Command injection prevention
Authentication
- Strong password requirements
- Session management secure
- JWT/token handling proper
- Rate limiting on auth endpoints
Authorization
- RBAC/ABAC implemented correctly
- No privilege escalation paths
- API endpoints protected
Data Protection
- Sensitive data encrypted at rest
- HTTPS enforced
- No secrets in code/logs
- PII handling compliant
Instructions
When activated, scan the codebase for:
- Hardcoded secrets (API keys, passwords)
- SQL string concatenation
- Unvalidated user input
- Missing authentication checks
- Insecure dependencies
Report findings with severity levels: CRITICAL, HIGH, MEDIUM, LOW
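
The scan-and-report step in the Instructions above, as an added example (not part of the skill or the upstream repo): a line-based heuristic for two of the listed patterns, hardcoded secrets and SQL string building, reported most severe first. The rule names, regexes and severity assignments are assumptions, and the sample lines are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    severity: str  # CRITICAL, HIGH, MEDIUM or LOW, as in the skill's report format
    rule: str
    line_no: int
    text: str

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]

# rule name -> (severity, pattern). Names and severities are assumptions.
RULES = {
    # secret-like name assigned a quoted literal of 8+ characters
    "hardcoded-secret": ("CRITICAL", re.compile(
        r"""(?i)\b(api_?key|secret|passw(or)?d|token)\b\s*[:=]\s*["'][^"']{8,}["']""")),
    # SQL keyword, then a closing quote joined to an identifier with '+'
    "sql-concatenation": ("HIGH", re.compile(
        r"""(?i)\b(select|insert|update|delete)\b.*["']\s*\+\s*\w""")),
    # SQL keyword inside an f-string that interpolates a value
    "sql-interpolation": ("HIGH", re.compile(
        r"""(?i)\bf["'].*\b(select|insert|update|delete)\b.*\{[^}]+\}""")),
}

# Constructed sample input, not taken from any real code base.
SAMPLE = '''\
API_KEY = "constructed-example-key-0000"
password = os.environ["DB_PASSWORD"]
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
cur.execute(f"SELECT * FROM users WHERE id = {user_id}")
cur.execute("SELECT * FROM users WHERE name = %s", (name,))
'''

def scan(source: str) -> list:
    """Return findings for every rule hit, most severe first."""
    findings = []
    for line_no, text in enumerate(source.splitlines(), start=1):
        for rule, (severity, pattern) in RULES.items():
            if pattern.search(text):
                findings.append(Finding(severity, rule, line_no, text.strip()))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER.index(f.severity), f.line_no))

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.severity:8} {f.rule:18} line {f.line_no}: {f.text}")
```

The environment lookup and the parameterized query in the sample produce no finding, which is the distinction the checklist draws between string-built and parameterized SQL.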