中文 | English

适用于 Claude Code 的代码安全审计 Skill，支持 Python、Node.js、Go、Java，基于 Source→Sink 数据流分析模型。

• 三级审计模式 — 轻度（快速扫描）/ 中度（标准审计）/ 深度（渗透测试级），按需控制 token 消耗
• 依赖漏洞扫描 — 原生工具（pip-audit / npm audit / govulncheck / OWASP dependency-check）+ Claude 分析双引擎
• 代码安全扫描 — OWASP Top 10、注入、反序列化、XSS、SSRF、XXE、敏感信息泄露、业务逻辑缺陷
• 攻击链构建 — 自动识别漏洞间的组合利用路径，评估整体影响
• 配置审计 — DEBUG 模式、CORS、安全头、TLS、Docker/K8s、管理端点暴露
• 结构化报告 — 终端输出或 Markdown 报告，含数据流路径、CWE 编号和修复建议

git clone https://github.com/chaigon/code-security-audit-skill.git
cp -r code-security-audit-skill ~/.claude/skills/code-security-audit

帮我做个安全审计              # 中度（默认）
帮我快速扫描下安全问题         # 轻度
对这个项目做深度安全审计        # 深度

对 OWASP Juice Shop v19.1.1 执行深度审计的完整结果：

• 📄 Juice Shop 审计报告
• 📊 白盒 vs 黑盒对比 — 与 Shannon 自动化渗透工具结果对比
• 发现 42 个漏洞（8 Critical / 18 High / 12 Medium / 4 Low），比黑盒工具多发现 90%
• 构建 6 条攻击链，最严重的从未认证 SQL 注入到 RCE 全链路
• 覆盖：注入、认证授权、IDOR、XSS、SSRF、文件操作、业务逻辑、配置安全

审计过程使用 4 个并行 Agent，按攻击面划分非重叠搜索模式：

code-security-audit/
├── SKILL.md                         # 审计工作流（五阶段 + 三级模式）
├── scripts/
│   ├── dep_audit.sh                 # Python/Node/Go 依赖扫描
│   └── dep_audit_java.sh            # Java 依赖扫描
└── references/
    ├── vulnerability_rules.md       # 漏洞规则库（含攻击链模式）
    ├── report_template.md           # 报告模板（含攻击链章节）
    └── examples/
        ├── juice-shop-audit.md      # Juice Shop 审计示例报告
        └── juice-shop-comparison.md # 白盒 vs 黑盒对比分析

A Claude Code skill for code security auditing. Supports Python, Node.js, Go, and Java with a Source→Sink dataflow analysis model.

• Three audit modes — Light (quick scan) / Standard (default) / Deep (pentest-grade), token consumption scales accordingly
• Dependency scanning — Dual engine: native tools (pip-audit / npm audit / govulncheck / OWASP dependency-check) + Claude analysis
• Code security scanning — OWASP Top 10, injection, deserialization, XSS, SSRF, XXE, credential leaks, business logic flaws
• Attack chain construction — Automatically identifies chained exploitation paths across vulnerabilities
• Configuration audit — DEBUG mode, CORS, security headers, TLS, Docker/K8s, exposed management endpoints
• Structured reports — Terminal output or Markdown report with dataflow paths, CWE IDs, and fix suggestions

git clone https://github.com/chaigon/code-security-audit-skill.git
cp -r code-security-audit-skill ~/.claude/skills/code-security-audit

security audit this project          # Standard (default)
quick scan for security issues       # Light
do a deep security audit             # Deep

Full deep audit results on OWASP Juice Shop v19.1.1:

• 📄 Juice Shop Audit Report
• 📊 White-box vs Black-box Comparison — compared with Shannon automated pentest tool
• Found 42 vulnerabilities (8 Critical / 18 High / 12 Medium / 4 Low), 90% more than black-box tools
• Constructed 6 attack chains, the most severe being unauthenticated SQL injection to RCE
• Coverage: injection, auth/authz, IDOR, XSS, SSRF, file ops, business logic, configuration

The audit used 4 parallel agents with non-overlapping search patterns by attack surface:

code-security-audit/
├── SKILL.md                         # Audit workflow (5-phase + 3 modes)
├── scripts/
│   ├── dep_audit.sh                 # Python/Node/Go dependency scan
│   └── dep_audit_java.sh            # Java dependency scan
└── references/
    ├── vulnerability_rules.md       # Vulnerability rules (incl. attack chain patterns)
    ├── report_template.md           # Report template (incl. attack chain section)
    └── examples/
        ├── juice-shop-audit.md      # Juice Shop audit example report
        └── juice-shop-comparison.md # White-box vs black-box comparison

MIT