This is a structured methodology for finding exploitable vulnerabilities in codebases. It runs through six phases: reconnaissance to map attack surfaces, parallel hunting across different vulnerability classes (injection, auth bypass, memory safety, business logic), adversarial validation of findings, and structured reporting. The approach is opinionated: it only counts bugs you can actually exploit, pushes you to confirm findings dynamically when possible, and explicitly filters out defense-in-depth theater. It writes outputs to a timestamped directory and reads prior runs to avoid duplicate work, which matters because testing apparently shows a single run only catches about half the issues. Best suited for serious security review where you want methodical coverage, not a quick scan.
npx -y skills add cloudflare/security-audit-skill --skill security-audit --agent claude-codeInstalls into .claude/skills of the current project.
Select a file.
giuseppe-trisciuoglio/developer-kit