Scans your code for OWASP Top 10 vulnerabilities and flags them with specific fixes. Triggers automatically on file changes, especially in auth or database code, and before deployments. Catches SQL injection, XSS, hardcoded secrets, weak authentication patterns, and missing access controls with severity ratings from critical to low. Each alert shows the exact line, a code example of the fix, and an OWASP reference link. Works standalone for quick pattern matching or pairs with the code-reviewer sub-agent when you need a full threat model. The real value is in the instant feedback loop, catching things like `element.innerHTML = userInput` before they ship.
```shell
npx skills add https://github.com/ovachiever/droid-tings --skill security-auditor
```