Maestro-orchestrate security-audit
Run a Maestro-style security assessment for authentication, authorization, data exposure, secret handling, and exploitability risks
install
source · Clone the upstream repo
git clone https://github.com/josstei/maestro-orchestrate
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/josstei/maestro-orchestrate "$T" && mkdir -p ~/.claude/skills && cp -r "$T/claude/skills/security-audit" ~/.claude/skills/josstei-maestro-orchestrate-security-audit && rm -rf "$T"
manifest:
claude/skills/security-audit/SKILL.md
source content
Maestro Security Audit
Call get_skill_content with resources: ["architecture"].
Protocol
Before delegating, call get_skill_content with resources: ["delegation"] and follow the returned methodology.
Workflow
- Define the audit scope from the user request and relevant code paths
- Trace trust boundaries, auth flows, secret handling, and data exposure paths
- Review for exploitable flaws, unsafe defaults, OWASP Top 10 vulnerabilities, and high-risk dependencies
- Classify findings by severity (CVSS-aligned) with file references and exploitability assessment
- Provide remediation guidance with the highest-risk issues first
Constraints
- Prefer actionable findings over generic security advice
- Present findings before proposing remediation
- State clearly when the review is limited by unavailable runtime context
- Do not modify code without explicit user approval