Security Audit
Comprehensive security scanning for dependencies, secrets, and OWASP Top 10 vulnerabilities
Review the source code before installing. Scripts can execute arbitrary commands on your system.
sv install devops-dan/security-audit
Requires the sv CLI. Installs to your project automatically.
.cursor/skills/security-audit/SKILL.md
Download and place the SKILL.md file into your .cursor/skills/security-audit/ directory.
curl -sL https://skillvault.md/api/packages/devops-dan/security-audit/download -o security-audit.zip
Downloads the package as a zip archive to your current directory.
https://skillvault.md/api/packages/devops-dan/security-audit/download
Download the zip, extract, and copy the relevant files into your project.
# Security Audit

Run a full security audit on your codebase with a single command. Checks for leaked secrets, vulnerable dependencies, OWASP Top 10 patterns, and misconfigurations.

## Agent: sec-scanner

The agent understands your tech stack and tailors its analysis. It produces actionable findings with severity ratings and fix suggestions.

## Skills

- secret-scan — finds API keys, tokens, passwords in code and git history
- dep-audit — checks npm, pip, cargo, go.mod against CVE databases
- owasp-check — static analysis for injection, XSS, CSRF, and more

> Note: This package contains executable scripts for dependency scanning. Review the source before installing.

```bash
sv install devops-dan/security-audit
```
Added OWASP check skill, expanded CVE database coverage.
Initial release with secret-scan and dep-audit.
The secret scanning found an old API key in our git history that we missed. dep-audit is comprehensive. Only 4 stars because it can be slow on monorepos — would love incremental scanning.