
from code-audit537
Perform professional code security audits across 9 languages with configurable quick/standard/deep modes and Docker-backed verification.
A comprehensive code security audit skill that guides the agent through reconnaissance, pattern-based vulnerability hunting, verification (including Docker sandbox verification), and reporting. Supports quick/standard/deep modes and language-specific checklists for Java, Python, Go, PHP, JavaScript/Node, C/C++, .NET/C#, Ruby, and Rust.
Use when a user requests a security/code audit, vulnerability scanning, penetration-test preparation, or a pre-deployment security review. Choose 'quick' for CI checks, 'standard' for regular audits, and 'deep' for full pentest-style investigations.
Best with code-capable agents offering file read/grep/exec and LSP features (Copilot/Codex-like agents, Cursor/Claude Code integrations).
Comprehensive code security audit skill covering 9 languages and 143 mandatory detection items across quick/standard/deep modes. Well-structured SKILL.md with clear triggers, an execution controller with mandatory outputs per step, anti-hallucination and anti-confirmation-bias rules, and progressive disclosure via references/. No bundled scripts — all execution is driven by the SKILL.md instructions using standard agent tools (Read, Grep, Glob, Bash, Task, LSP). Bilingual Chinese/English content adds accessibility.
No scripts to test — static analysis only. The skill is purely prompt-driven with no executable code. Well-designed execution controller with gate conditions (it must stop and wait for user confirmation before proceeding). The Docker commands are user-initiated sandbox verification, not a security concern. Clean skill with no security issues detected.