Continuous-Claude-v3 security
Security audit workflow - vulnerability scan → verification
install
source · Clone the upstream repo
git clone https://github.com/parcadei/Continuous-Claude-v3
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/parcadei/Continuous-Claude-v3 "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.claude/skills/security" ~/.claude/skills/parcadei-continuous-claude-v3-security && rm -rf "$T"
manifest:
.claude/skills/security/SKILL.mdsource content
/security - Security Audit Workflow
Dedicated security analysis for sensitive code.
When to Use
- "Security audit"
- "Check for vulnerabilities"
- "Is this secure?"
- "Review authentication code"
- "Check for injection attacks"
- Before handling auth, payments, user data
- After adding security-sensitive features
Workflow Overview
┌─────────┐ ┌───────────┐ │ aegis │───▶│ arbiter │ │ │ │ │ └─────────┘ └───────────┘ Security Verify audit fixes
Agent Sequence
| # | Agent | Role | Output |
|---|---|---|---|
| 1 | aegis | Comprehensive security scan | Vulnerability report |
| 2 | arbiter | Verify fixes, run security tests | Verification report |
Why Dedicated Security?
The
/review- Specialized vulnerability patterns
- Dependency scanning
- Secret detection
- OWASP Top 10 checks
- Authentication/authorization review
Execution
Phase 1: Security Audit
Task( subagent_type="aegis", prompt=""" Security audit: [SCOPE] Scan for: **Injection Attacks:** - SQL injection - Command injection - XSS (Cross-Site Scripting) - LDAP injection **Authentication/Authorization:** - Broken authentication - Session management issues - Privilege escalation - Insecure direct object references **Data Protection:** - Sensitive data exposure - Hardcoded secrets/credentials - Insecure cryptography - Missing encryption **Configuration:** - Security misconfigurations - Default credentials - Verbose error messages - Missing security headers **Dependencies:** - Known vulnerable packages - Outdated dependencies - Supply chain risks Output: Detailed report with: - Severity (CRITICAL/HIGH/MEDIUM/LOW) - Location (file:line) - Description - Remediation steps """ )
Phase 2: Verification (After Fixes)
Task( subagent_type="arbiter", prompt=""" Verify security fixes: [SCOPE] Run: - Security-focused tests - Dependency audit (npm audit, pip audit) - Re-check reported vulnerabilities - Verify fixes don't introduce regressions Output: Verification report """ )
Security Scopes
Full Codebase
User: /security → Scan entire codebase
Specific Area
User: /security authentication → Focus on auth-related code
Single File
User: /security src/api/auth.py → Deep dive on one file
Dependencies Only
User: /security --deps → Only dependency vulnerabilities
Example
User: /security the payment processing code Claude: Starting /security audit for payment code... Phase 1: Security audit... [Spawns aegis] ┌─────────────────────────────────────────────────────────────┐ │ Security Audit Report │ ├─────────────────────────────────────────────────────────────┤ │ Scope: src/services/payment/ │ │ Files scanned: 12 │ │ Lines analyzed: 2,847 │ ├─────────────────────────────────────────────────────────────┤ │ CRITICAL (1) │ │ ────────── │ │ [C1] SQL Injection in payment.py:89 │ │ query = f"SELECT * FROM orders WHERE id = {order_id}" │ │ Fix: Use parameterized queries │ │ │ │ HIGH (2) │ │ ──────── │ │ [H1] Hardcoded API key in stripe_client.py:12 │ │ STRIPE_KEY = "sk_live_..." │ │ Fix: Move to environment variable │ │ │ │ [H2] Missing input validation in refund.py:45 │ │ amount = request.json['amount'] # No validation │ │ Fix: Validate amount is positive number │ │ │ │ MEDIUM (1) │ │ ────────── │ │ [M1] Verbose error messages in error_handler.py:23 │ │ return {"error": str(e)} # Leaks internal details │ │ Fix: Return generic message, log details internally │ │ │ │ LOW (0) │ │ ─────── │ │ None │ ├─────────────────────────────────────────────────────────────┤ │ Summary: 1 critical, 2 high, 1 medium, 0 low │ │ Status: BLOCKING - Fix critical issues before release │ └─────────────────────────────────────────────────────────────┘ Fix the critical and high issues, then run: /security --verify
After Fixes
User: /security --verify Claude: Phase 2: Verifying fixes... [Spawns arbiter] ✅ C1: SQL injection fixed - using parameterized queries ✅ H1: API key moved to environment variable ✅ H2: Input validation added ✅ M1: Error messages sanitized All security tests passing. Security audit: PASSED
OWASP Top 10 Coverage
| Risk | Checked |
|---|---|
| A01 Broken Access Control | ✅ |
| A02 Cryptographic Failures | ✅ |
| A03 Injection | ✅ |
| A04 Insecure Design | ✅ |
| A05 Security Misconfiguration | ✅ |
| A06 Vulnerable Components | ✅ |
| A07 Auth Failures | ✅ |
| A08 Data Integrity Failures | ✅ |
| A09 Logging Failures | ✅ |
| A10 SSRF | ✅ |
Flags
: Dependencies only--deps
: Re-run after fixes--verify
: Explicit OWASP Top 10 report--owasp
: Focus on secret detection--secrets