What is CVSS scoring and CWE references used for?

To quantify impact and root causes for each finding and guide remediation.

When should I use the security-audit skill?

During security reviews, compliance audits, incident analysis, or preparation for penetration testing.

How are findings delivered?

As a comprehensive security audit report with OWASP mapping, CVSS scores, CWE references, and a remediation roadmap.

security-audit

npx machina-cli add skill aiskillstore/marketplace/security-audit --openclaw

Files (1)

SKILL.md

1.5 KB

Security Audit Skill

Comprehensive security auditing covering code review, vulnerability assessment, OWASP Top 10, dependency analysis, and remediation planning.

What This Skill Does

Conducts security code reviews
Identifies vulnerabilities (CVSS scoring)
Performs OWASP Top 10 assessments
Audits authentication/authorization
Reviews data protection controls
Analyzes dependency vulnerabilities
Creates remediation roadmaps

When to Use

Security reviews before release
Compliance audits
Penetration test preparation
Incident response analysis
Dependency vulnerability assessment

Reference Files

references/SECURITY_AUDIT.template.md - Comprehensive security audit report format
references/owasp_checklist.md - OWASP Top 10 checklist with CVSS scoring and CWE references

Workflow

Define scope and methodology
Perform static/dynamic analysis
Document findings by severity
Map to OWASP categories
Create remediation roadmap
Verify fixes

Output Format

Security findings should include:

Severity (Critical/High/Medium/Low)
CVSS score and vector
CWE classification
Proof of concept
Remediation steps

Source

git clone https://github.com/aiskillstore/marketplace/blob/main/skills/89jobrien/security-audit/SKILL.mdView on GitHub

Overview

Provides comprehensive security auditing across code reviews, vulnerability assessments, OWASP Top 10 mapping, dependency analysis, and remediation planning. Helps teams identify risks early and create actionable remediation roadmaps.

How This Skill Works

Define scope and methodology, then perform static and dynamic analysis, document findings by severity, map issues to OWASP categories, and create a remediation roadmap. Finally, verify fixes to close vulnerabilities.

When to Use It

Security reviews before release
Compliance audits
Penetration test preparation
Incident response analysis
Dependency vulnerability assessment

Quick Start

Step 1: Define scope and methodology
Step 2: Run static and dynamic analysis
Step 3: Document findings by severity and build remediation roadmap

Best Practices

Define scope and success criteria up front
Align findings with OWASP Top 10, CVSS scoring, and CWE references
Document findings with severity, CVSS, CWE, and proof of concept
Prioritize remediation with a concrete roadmap and timelines
Verify fixes with re-scans and evidence before sign-off

Example Use Cases

Code review uncovers OWASP Top 10 flaw with remediation plan
Dependency scan detects vulnerable library; fix prioritized and tested
Authn/Authz misconfiguration identified and corrected
Incident response analysis yields remediation roadmap and controls
Audit prepared for compliance using standard templates and OWASP checklist

Frequently Asked Questions

Add this skill to your agents