This is your pre-deployment security scanner that catches vulnerabilities before they ship. It runs dependency audits (npm audit, pip-audit), hunts for leaked secrets using entropy analysis and regex patterns, and does static analysis for OWASP Top 10 issues such as SQL injection and XSS. The documentation is solid, with clear decision trees on severity handling and language-specific gotchas. It is best used in CI/CD pipelines, where it can fail builds on critical findings. It is not a penetration testing tool and won't help with runtime security or compliance certifications. The anti-pattern section on audit fatigue is spot on: prioritize by exploitability, or your team will ignore everything. Pairs well with deployment automation skills for secure pipelines.
npx skills add https://github.com/erichowens/some_claude_skills --skill security-auditor