code-security-audit
Comprehensive code security audit toolkit combining OWASP Top 10 vulnerability scanning, dependency analysis, secret detection, SSL/TLS verification, AI Agent security checks, and automated security scoring. Use when auditing codebases, scanning for vulnerabilities, detecting hardcoded secrets, checking OWASP compliance, AI/LLM application security, or preparing for security reviews.
Best for security reviewsWorks with GitHubLow risk
⌘source
- author
@LeoYeAI- language
- Python
★2kstars
306forks
May 6, 2026
✦overview.md
Key Features
- ·OWASP Top 10 vulnerability scanning
- ·Dependency vulnerability analysis
- ·Secret detection (70+ patterns)
- ·SSL/TLS verification
- ·Automated security scoring (0-100)
- ·AI agent security checks
Use Cases
- →Audit a codebase for OWASP Top 10 vulnerabilities before release
- →Scan project dependencies for known vulnerabilities
- →Detect hardcoded API keys and secrets in source code
- →Verify SSL/TLS configuration for web services
- →Prepare for a security review with automated scoring
Best for
- ✓security reviews
- ✓CI/CD security gates
- ✓pre-release audits
Not ideal for
- !real-time threat monitoring
- !runtime security
FAQs
name
code-security-audit
description
Comprehensive code security audit toolkit combining OWASP Top 10 vulnerability scanning, dependency analysis, secret detection, SSL/TLS verification, AI Agent security checks, and automated security scoring. Use when auditing codebases, scanning for vulnerabilities, detecting hardcoded secrets, checking OWASP compliance, AI/LLM application security, or preparing for security reviews.
version:2.1.0
author:LobsterAI Security Team
metadata:{"category":"security","requires_bins":["npm","git","openssl","curl"],"features":[{"owasp_top_10":true},{"dependency_scan":true},{"secret_detection":true},{"ssl_verification":true},{"security_scoring":true},{"auto_fix":true},{"ai_agent_security":true}],"languages":["javascript","typescript","python","go","java","rust","php","ruby","solidity"],"score_range":"0-100"}
Code Security Audit
Unified security audit toolkit combining OWASP Top 10 vulnerability scanning, dependency analysis, secret detection, SSL/TLS verification, AI Agent security checks, and automated security scoring.
Overview
This skill merges the best of security-auditor and security-audit-toolkit into a comprehensive security auditing solution:
- ✅ OWASP Top 10 Vulnerability Detection - All 10 categories with code patterns
- ✅ Dependency Vulnerability Scanning - npm, pip, cargo, go modules
- ✅ Secret Detection - 70+ API key patterns, credentials, private keys, crypto wallets
- ✅ SSL/TLS Verification - Certificate validation, cipher suite checks
- ✅ AI Agent Security - Numeric risks, prompt injection, crypto wallet safety (NEW)
- ✅ Security Scoring - Quantified 0-100 security score
- ✅ Auto-Fix Suggestions - Actionable remediation recommendations
- ✅ Multi-Language Support - JS/TS, Python, Go, Java, Rust, PHP, Ruby, Solidity
- ✅ CI/CD Integration - GitHub Actions, GitLab CI templates
Quick Start
# Full security audit with scoring
./scripts/security-audit.sh --full
# Quick scan (secrets + dependencies only)
$install
1-click copynpx skills add LeoYeAI/openclaw-master-skills --skill code-security-auditSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
4/ 5
very goodClear and well structured, with only minor parts that might need a second read.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
4/ 5
highMostly actionable with clear steps; only a few small gaps remain.