Can this skill fix the security issues it finds?

While it primarily identifies and reports issues, you can ask Claude to generate the necessary code changes or configuration updates based on the audit's findings.

Do I need external tools to run this audit?

Yes, you need a Playwright MCP server, a Chromium-based browser, and shell access to openssl and curl for the full assessment.

How does this skill detect security vulnerabilities?

It uses a multi-layered approach combining Chrome DevTools Protocol (CDP) for real-time browser issues, OpenSSL for network-level TLS analysis, and DOM inspection for configuration errors.

What kind of reports does the security-audit skill generate?

It produces a structured Markdown report including an overall letter grade (A-F), detailed tables for TLS, headers, and cookies, and specific remediation steps.

Security Audit Toolkit

Name: Security Audit Toolkit
Author: anouar1991

byanouar1991

•

Security & Testing

Performs comprehensive client-side security assessments of web applications to identify vulnerabilities and compliance issues.

The security-audit skill empowers Claude to conduct deep technical evaluations of a website's security posture. It leverages the Chrome DevTools Protocol (CDP) to detect mixed content and CSP violations, uses OpenSSL for rigorous TLS certificate analysis, and inspects cookie flags for compliance with modern security standards. By automating these checks, it provides developers with an immediate security grade (A-F) and actionable recommendations for hardening web applications against common attacks like XSS, clickjacking, and session hijacking.

Key Features

011 GitHub stars

02Automated TLS certificate and cipher suite validation via OpenSSL

03Subresource Integrity (SRI) checks for third-party CDN assets

04Automated security header verification for HSTS, X-Frame-Options, and more

05Real-time detection of CSP violations and mixed content issues using CDP

06Comprehensive cookie attribute analysis (Secure, HttpOnly, SameSite)

Use Cases

01Auditing third-party script integrations to ensure data integrity and prevent supply chain attacks

02Troubleshooting and fixing Content Security Policy (CSP) errors or mixed content warnings

03Conducting a final security check before deploying a web application to production

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add anouar1991/binarypetsclaude security-audit

For use in Claude.ai and ChatGPT

Download Skill