This is your OWASP Top 10 scanner wrapped in a Claude skill. It runs grep patterns across your codebase looking for hardcoded secrets, SQL injection vectors, missing auth checks, weak crypto, and the other usual suspects. The audit checklist is solid and the bash one-liners are ready to copy-paste. Honestly though, it's doing pattern matching, not deep static analysis, so it'll catch low-hanging fruit like passwords in strings and bare exec calls but won't replace proper security tooling. Best used as a first-pass code review before you bring in the real scanners, or when you need a quick gut check on a pull request.
npx skills add https://github.com/charon-fan/agent-playbook --skill security-auditor
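To make the pattern-matching caveat concrete, here is an added example (not the skill's own rules or code) that runs two grep patterns of the kind described over constructed sample files. The regexes, function names and file contents are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added illustration: hypothetical patterns, NOT the skill's actual rule set.

# Hardcoded secret: a telltale variable name assigned a double-quoted literal.
SECRET_RE='(password|passwd|secret|api_key)[[:space:]]*=[[:space:]]*"[^"]+"'
# Bare exec/eval call that is not a method call or part of a longer identifier.
EXEC_RE='(^|[^[:alnum:]_.])(exec|eval)[[:space:]]*\('

# Write constructed sample files into directory $1.
make_samples() {
  # Low-hanging fruit: both lines are textbook findings.
  cat > "$1/obvious.py" <<'EOF'
password = "hunter2"
exec(request_body)
EOF
  # Same two risk classes, written the way ordinary code often looks:
  # a credential inside a connection string, a shell command built from input.
  cat > "$1/subtle.py" <<'EOF'
import subprocess
conn = "postgres://app:hunter2@db.internal/prod"
subprocess.run("ping " + host, shell=True)
EOF
}

# Print the number of lines in file $1 that match either pattern.
count_hits() {
  # grep -c exits 1 on zero matches; "|| true" keeps callers using set -e alive.
  grep -cE "$SECRET_RE|$EXEC_RE" "$1" || true
}

dir=$(mktemp -d)
make_samples "$dir"
for f in obvious.py subtle.py; do
  echo "$f: $(count_hits "$dir/$f") hit(s)"
done
rm -rf "$dir"
```

Both files carry an embedded credential and a code-execution sink, but only the one that spells them the obvious way is flagged, which is why a clean result from this kind of scan is not evidence that the code is clean.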