This skill runs comprehensive security scans across your codebase, checking for the usual suspects like SQL injection, XSS, path traversal, and hardcoded secrets. It also scans dependencies for known CVEs and can generate full audit reports. The guidance is actually helpful here: it tells you to trigger the skill for anything touching authentication, payments, or user data, but to skip it for documentation and styling work. Commands are granular enough that you can run just the input validation checks on a specific path instead of scanning everything. The threat modeling and auto-remediation scripts are nice additions if you're doing serious security work rather than just checking boxes.
npx skills add https://github.com/ruvnet/ruflo --skill security-audit