# /security-audit

Perform comprehensive security analysis to identify vulnerabilities and provide remediation guidance.

## Overview

- Purpose: Security vulnerability detection and remediation
- Category: Specialized Commands
- Type: Dynamic prompt
- MCP Tools: `multi_llm_review` (security focus)

## Syntax

```bash
/security-audit [scope] [standard]
```

## Usage Examples

```bash
# Full security audit
/security-audit

# Specific areas
/security-audit authentication
/security-audit api
/security-audit database

# Compliance standards
/security-audit --standard OWASP
/security-audit --standard PCI-DSS
```

## Security Checks
### Authentication & Authorization
- Password policies
- Session management
- JWT implementation
- OAuth configuration
- Role-based access
### Input Validation
- SQL injection
- XSS vulnerabilities
- Command injection
- Path traversal
- File upload security
### Data Protection
- Encryption at rest
- Encryption in transit
- Sensitive data exposure
- API security
- CORS configuration
## Output Example

````markdown
🔒 Security Audit Report

## Summary
Security Score: 68/100
Critical Issues: 2
High Priority: 5
Medium Priority: 8

## Critical Vulnerabilities

### 1. SQL Injection
Location: api/search.js:45

```javascript
// Vulnerable code
const query = `SELECT * FROM products WHERE name LIKE '%${search}%'`;

// Secure fix
const query = 'SELECT * FROM products WHERE name LIKE ?';
db.query(query, [`%${search}%`]);
```

Risk: Database compromise
Status: 🔴 Immediate fix required

### 2. Missing Rate Limiting
Location: Authentication endpoints
Impact: Brute force attacks possible
Fix: Implement rate limiting middleware

## High Priority Issues

### Weak Password Policy
- Current: No requirements
- Required: 8+ chars, mixed case, numbers, symbols

### Missing CSRF Protection
- Affected: All POST endpoints
- Fix: Add CSRF tokens

### Insecure Session Storage
- Current: localStorage
- Fix: Use httpOnly cookies

## Recommendations
- Immediate: Fix SQL injection
- Today: Add rate limiting
- This week: Implement CSRF protection
- This month: Security training for team

## Compliance Gaps
- OWASP Top 10: 3 violations
- GDPR: Missing data encryption
- PCI-DSS: Not compliant (if handling payments)
````
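As an added example (not code from the report above or from the project), the parameterised fix shown in the report stops injection but still lets a user-typed `%` or `_` act as a LIKE wildcard; this JavaScript escapes those characters and checks the result against a constructed in-memory product list, with a small LIKE evaluator standing in for `db.query`:

```javascript
// Added example, not part of the report above: hardening the LIKE search.
// The parameterised fix stops SQL injection, but a user-supplied `%` or `_`
// is still a LIKE wildcard, so searching for "%" would return every product.
// Escape them and declare the escape character with ESCAPE '!' (using `!`
// avoids the backslash-quoting differences between SQL dialects).

// Escape LIKE metacharacters, and the escape character itself, in user input.
function escapeLike(input, esc = '!') {
  return String(input).replace(/[!%_]/g, (ch) => esc + ch);
}

// Build the parameterised statement: SQL text with a placeholder plus the
// bound parameter. Nothing from `search` is ever spliced into the SQL text.
function buildProductSearch(search) {
  const sql = "SELECT * FROM products WHERE name LIKE ? ESCAPE '!'";
  const params = [`%${escapeLike(search)}%`];
  return { sql, params };
}

// Evaluate a LIKE pattern with an ESCAPE character the way a database would,
// so the behaviour can be checked here without a real database connection.
function likeMatch(pattern, value, esc = '!') {
  let re = '^';
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern[i];
    if (ch === esc && i + 1 < pattern.length) re += escapeRegex(pattern[++i]);
    else if (ch === '%') re += '.*';
    else if (ch === '_') re += '.';
    else re += escapeRegex(ch);
  }
  return new RegExp(re + '$', 's').test(value);
}

function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Constructed sample rows standing in for the products table.
const PRODUCTS = ['50% off widget', 'widget_pro', 'widget'];

// Run the bound parameter against the sample rows; returns matching names.
function searchProducts(search) {
  const { params } = buildProductSearch(search);
  return PRODUCTS.filter((name) => likeMatch(params[0], name));
}

// A literal "_" now matches only the underscore product; unescaped, `%_%`
// would have matched all three rows.
console.log(searchProducts('_'));   // [ 'widget_pro' ]
console.log(searchProducts('%'));   // [ '50% off widget' ]
```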
## Prompt Adaptation

This prompt dynamically adapts based on:

### Context Discovery
- Analyzes current project state and structure
- Discovers existing patterns and conventions
- Understands team workflows and preferences
- Adapts to technology stack and architecture

### Intelligence Patterns
- Learns from previous executions in the project
- Adapts complexity based on team expertise
- Prioritizes based on project phase
- Suggests optimizations from accumulated knowledge

## Memory Integration

This prompt actively uses and updates distributed memory:

### Reads From
- `CLAUDE.md` - Project context and conventions
- `.orchestre/` - Orchestration state and patterns
- Feature-specific CLAUDE.md files
- Previous execution results

### Updates
- Relevant CLAUDE.md files with new insights
- `.orchestre/` with execution patterns
- Documentation as part of the workflow
- Pattern library with successful approaches

## Best Practices

### 1. Regular Audits

```bash
# Monthly security check
/security-audit --monthly

# Pre-deployment audit
/security-audit --pre-deploy
```

### 2. Fix Critical First
Focus on critical vulnerabilities before minor issues.

### 3. Track Progress

```bash
/security-audit --save-report
# Fix issues
/security-audit --compare-last
```

## Integration
### With Development

```bash
/security-audit
/execute-task "Fix critical security issues"
/security-audit --verify-fixes
```

### With CI/CD

Include security audits in the deployment pipeline.
## Direct Invocation

This is a dynamic prompt that Claude executes directly - no file installation needed:

```bash
# Simply type the command
/security-audit [parameters]

# Claude will:
# 1. Analyze current context
# 2. Discover relevant patterns
# 3. Execute intelligently
# 4. Update distributed memory
# 5. Provide detailed results
```

## Related

- `/review --security` - Security-focused review
- Security Patterns - Security best practices
- OWASP Guidelines - External reference
