Can the auditor modify my system configuration?

No. The skill operates under strict Zone Constraints, designating system files as 'NONE' permission and application code as 'Read-only,' requiring user intervention for any edits.

What security standards does the auditor follow?

Findings are cross-referenced with industry standards including CVE, CWE, and OWASP Top 10, providing professional-grade vulnerability reports with specific exploitability assessments.

How does it handle large codebases without hitting token limits?

It utilizes a Tool Result Clearing Protocol and Semantic Decay stages to synthesize raw tool outputs into high-signal notes, keeping the active context window lean and efficient.

How does this skill protect sensitive data during an audit?

The skill includes a pre-execution PII filter and injection detection guardrail that redacts sensitive data and prevents manipulation of the audit scope before analysis begins.

What is the 'Factual Grounding' requirement?

It is a mandatory protocol where the AI must pull word-for-word quotes and explicit line citations for every claim, preventing hallucinations and ensuring audit accuracy.

Paranoid Security Auditor

Name: Paranoid Security Auditor
Author: 0xHoneyJar

by0xHoneyJar

•

Security & Testing

Conducts rigorous, grounded security and quality audits of codebases, architectures, and deployments with built-in PII and injection guardrails.

The auditing-security skill transforms Claude into a high-integrity security expert specifically designed for complex, compartmentalized AI deployments. It enforces strict zone constraints to protect system integrity, utilizes a mandatory 'factual grounding' protocol to ensure every finding is backed by source code citations, and manages massive contexts through an automated 'tool result clearing' process. By thinking like an attacker, it provides prioritized findings with actionable remediation steps mapped to industry standards like OWASP and CWE, making it essential for secure-by-design development workflows.

Key Features

01Factual grounding protocol requiring mandatory source code citations (file:line)

02Automated PII filtering and prompt injection detection guardrails

03Multi-phase security reconnaissance and deep-dive vulnerability analysis

04Advanced token management through tool result clearing and semantic decay stages

055 GitHub stars

06Strict zone-based access control to prevent unauthorized infrastructure modifications

Use Cases

01Performing pre-deployment security reviews for Cloudflare Workers and serverless infrastructure

02Validating sprint implementations against security best practices before senior lead approval

03Identifying OWASP vulnerabilities and logic flaws in large TypeScript, JavaScript, or Python codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add 0xhoneyjar/loa-beauvoir auditing-security

For use in Claude.ai and ChatGPT

Download Skill