← Back to the catalog Review security of command execution, tool permissions, and API key handling. Use when user mentions "security review", "audit", "check security", "vulnerabilities", or before deploying to production.
View on GitHub ↗ Copy repo URL Copy SKILL.md link /plugin marketplace add aiskillstore/marketplace The exact command may vary by repository. Check the README on GitHub.
For the skill author
Shows your skill is listed on Skillteca, generates a backlink and trackable traffic.
Markdown HTML
[](https://www.skillteca.com.br/skills/security-audit-mpsyvk5b?utm_source=badge&utm_medium=readme&utm_campaign=badge) Copy snippet Team Mode security research skill orchestrates 3 vulnerability hunters and 2 PoC engineers to audit a codebase in parallel, prove exploitability, classify root causes, and calibrate severity. It is used for security review, vulnerability research, exploitability audit, and threat model validation.
Segurança by code-yeongyu
Provide a comprehensive, structured reference for the 100 most critical web application vulnerabilities organized by category. This skill enables systematic vulnerability identification, impact assessment, and remediation guidance across the full spectrum of web security threats.
Segurança #github #git by sickn33
Orchestrate multiple Antigravity skills through guided workflows for SaaS MVP delivery, security audits, AI agent builds, and browser QA.
Segurança #github #git by sickn33
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
Segurança #github #git by sickn33
Category alert
One short email with only the new Segurança skills. 4 minutes of reading, no spam, unsubscribe with one click.
You confirm your email on the first send. No spam. Unsubscribe with one click.
Security Audit
Instructions
Command Execution Review (backend/main.py):
Check run_terminal_command() for shell injection vulnerabilities
Verify timeout is enforced (should be 15 seconds)
Look for dangerous command patterns
Tool Permission Review :
Verify Chat mode only allows: read_file, web_search
Check Agent mode tool restrictions
Look for permission bypass vulnerabilities
Secrets Management :
Ensure .env is in .gitignore
Check no API keys are hardcoded
Verify python-dotenv usage for environment variables
WebSocket Security :
Check for authentication on /ws endpoint
Review message validation
Look for injection points in user input
Frontend Security :
Check for XSS in markdown rendering
Review image upload handling (base64 encoding)
Verify no sensitive data in client-side code
Generate report with:
Critical issues (immediate action required)
Warnings (should fix before production)
Recommendations (best practices)
Examples
"Run a security audit"
"Check for vulnerabilities"
"Review security before deploy"
Guardrails
This is a READ-ONLY audit; do not modify files
Report findings without exploiting vulnerabilities
Recommend fixes but get user approval before implementing
Never log or expose discovered secrets
Read full description↓
Comments · No comments No comments yet. Be the first.