Security Audit
Audit the current file for common security vulnerabilities.
What happens when you install it
You run the install command
mcp install-skill security-auditMCPHub CLI downloads this prompt from the registry.
Saved as a file in Claude Code
~/.claude/commands/security-audit.mdClaude Code reads all .md files in this folder as slash commands.
Use it in any conversation
/security-auditin Claude Code (after restart)Claude runs the prompt against your current file or selection — no copy-paste needed.
Content
Security Audit
Audit the current file or selection for security vulnerabilities. Think like an attacker with access to the source code.
Critical — fix immediately
- SQL / NoSQL injection
- Command injection (
exec,eval, shell calls with user input) - Authentication bypass
- Broken access control (missing authz checks)
- Hardcoded secrets, API keys, or credentials
High — fix before shipping
- XSS (reflected, stored, DOM-based)
- Missing CSRF protection on state-changing endpoints
- Insecure deserialization
- Sensitive data in logs, error messages, or responses
- Mass assignment / parameter pollution
Medium — fix soon
- Missing input validation or sanitization
- Insecure direct object references (IDOR)
- Security misconfiguration (verbose errors, directory listing)
- Weak cryptography choices
Low — track and address
- Missing security headers
- Overly permissive CORS
- Dependency with known CVE
Output format
For each finding:
[SEVERITY] — Vulnerability name
- Location:
file:line - What: What the vulnerability is
- Attack vector: How an attacker would exploit it
- Fix: Concrete remediation with code if applicable
If no vulnerabilities found, say so explicitly.
Install
After install, restart Claude Code and type:
/security-auditRequires MCPHub CLI
Author
MCPHub
github.com/sallyhellerLooking for Agents?
Agents run with a full system prompt and persistent behavior — not just a one-off command.
Browse agents →