# security-auditor Examples

## Quick Security Scan

### Scan for Common Vulnerabilities

**User prompt:**

```
Run a quick security scan on the src/ directory
```

**Expected agent behavior:**
- Check for hardcoded secrets
- Scan for injection vulnerabilities
- Check dependencies for CVEs
- Report with severity classification
**Sample output:**

```markdown
## Security Scan Report
- **Scan Type**: quick
- **Date**: 2025-01-15 14:30:00
- **Files Scanned**: 47
- **Tools Used**: gitleaks, grep patterns

## Summary
| Severity | Count |
|----------|-------|
| Critical | 1 |
| High | 2 |
| Medium | 3 |
| Low | 5 |

## Findings

### [CRITICAL] Hardcoded API Key
- **Location**: src/config/api.ts:15
- **Category**: OWASP A02 (Cryptographic Failures)
- **Description**: Production API key hardcoded in source
- **Evidence**: `const apiKey = 'sk_live_***REDACTED***'`
- **Remediation**: Move to environment variable

### [HIGH] SQL Injection Risk
- **Location**: src/db/queries.ts:42
- **Category**: OWASP A03 (Injection)
- **Description**: User input concatenated into SQL query
- **Evidence**: `query = "SELECT * FROM users WHERE id = " + userId`
- **Remediation**: Use parameterized queries

### [HIGH] XSS Vulnerability
- **Location**: src/components/Comment.tsx:28
- **Category**: OWASP A03 (Injection)
- **Description**: Unsanitized HTML rendering
- **Evidence**: `dangerouslySetInnerHTML={{ __html: userContent }}`
- **Remediation**: Sanitize with DOMPurify or use textContent
```

## Comprehensive OWASP Audit
### Full Security Audit

**User prompt:**

```
Perform a full security audit covering OWASP Top 10
```

**Expected agent behavior:**
- Check all 10 OWASP categories
- Review authentication/authorization
- Analyze configuration security
- Provide detailed remediation steps
**Sample output:**

```markdown
## OWASP Top 10 Audit Report
- **Date**: 2025-01-15
- **Scope**: Full application

## Coverage Matrix
| ID | Category | Status | Findings |
|----|----------|--------|----------|
| A01 | Broken Access Control | ⚠️ | 2 issues |
| A02 | Cryptographic Failures | ❌ | 1 critical |
| A03 | Injection | ⚠️ | 3 issues |
| A04 | Insecure Design | ✅ | 0 issues |
| A05 | Security Misconfiguration | ⚠️ | 4 issues |
| A06 | Vulnerable Components | ⚠️ | 2 CVEs |
| A07 | Auth Failures | ✅ | 0 issues |
| A08 | Data Integrity | ✅ | 0 issues |
| A09 | Logging Failures | ⚠️ | 1 issue |
| A10 | SSRF | ✅ | 0 issues |

## Detailed Findings
[... detailed findings per category ...]

## Remediation Priority
1. [CRITICAL] Fix A02 - Hardcoded secrets
2. [HIGH] Fix A03 - SQL injection
3. [MEDIUM] Fix A05 - Missing security headers
```

## Secret Detection
### Detect Hardcoded Secrets

**User prompt:**

```
Check this code for hardcoded secrets:
const apiKey = 'sk_live_abc123def456';
const dbPassword = 'admin123';
```

**Expected agent behavior:**
- Identify all secrets
- Classify severity
- REDACT actual values in output
- Recommend remediation
**Sample output:**

````markdown
## Secret Detection Report

### Findings
| Type | Location | Severity |
|------|----------|----------|
| API Key | Line 1 | **CRITICAL** |
| Database Password | Line 2 | **CRITICAL** |

### Details

#### [CRITICAL] API Key Exposed
- **Pattern**: `sk_live_*` (Stripe live key)
- **Value**: `sk_live_***REDACTED***`
- **Risk**: Full payment API access

#### [CRITICAL] Database Password
- **Pattern**: Password in variable
- **Value**: `***REDACTED***`
- **Risk**: Database compromise

### Remediation
1. **Immediately rotate** both credentials
2. Move to environment variables:
```typescript
const apiKey = process.env.STRIPE_API_KEY;
const dbPassword = process.env.DB_PASSWORD;
```
3. Add to `.gitignore`: `.env`, `.env.local`
4. Audit git history for exposed secrets
````
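
The identify, classify and redact steps of this example, written out as an added TypeScript example (not the security-auditor agent's own code). `Rule`, `Finding`, `scanForSecrets` and `redact` are hypothetical names, and the two rules are assumptions that cover only the patterns named in the sample report.

```typescript
// Added example, not the agent's code. The two rules are assumptions that
// cover only the patterns named in the sample report above.
interface Finding {
  type: string;
  line: number; // 1-based line in the scanned snippet
  severity: string;
  evidence: string; // redacted source line, never the raw secret
}

interface Rule {
  type: string;
  severity: string;
  pattern: RegExp; // capture group 1 must be the secret value
  keepPrefix: number; // leading characters kept to identify the key type
}

const RULES: Rule[] = [
  { type: "API Key", severity: "CRITICAL", keepPrefix: 8,
    pattern: /['"](sk_live_[A-Za-z0-9]+)['"]/ },
  { type: "Database Password", severity: "CRITICAL", keepPrefix: 0,
    pattern: /(?:password|passwd|pwd)\w*\s*[:=]\s*['"]([^'"]+)['"]/i },
];

function redact(secret: string, keepPrefix: number): string {
  return secret.slice(0, keepPrefix) + "***REDACTED***";
}

function scanForSecrets(source: string): Finding[] {
  const findings: Finding[] = [];
  const lines = source.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    for (const rule of RULES) {
      const m = rule.pattern.exec(lines[i]);
      if (m === null) continue;
      // Mask every occurrence of the value before it reaches the report.
      const masked = redact(m[1], rule.keepPrefix);
      const evidence = lines[i].trim().split(m[1]).join(masked);
      findings.push({ type: rule.type, line: i + 1, severity: rule.severity, evidence });
    }
  }
  return findings;
}

// Constructed input: the two lines from the user prompt in this section.
const SAMPLE = [
  "const apiKey = 'sk_live_abc123def456';",
  "const dbPassword = 'admin123';",
].join("\n");
```

Calling `scanForSecrets(SAMPLE)` returns two CRITICAL findings whose `evidence` fields carry `sk_live_***REDACTED***` and `***REDACTED***` in place of the raw values, while the environment-variable form from the remediation step produces no findings.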
---
## Compliance Check
### SOC2 Compliance
**User prompt:**

```
Check if our application meets SOC2 compliance
```

**Expected agent behavior:**
1. Check against SOC2 trust principles
2. Provide pass/fail for each control
3. List remediation for failures
**Sample output:**
```markdown
## SOC2 Compliance Assessment
- **Standard**: SOC2 Type II
- **Date**: 2025-01-15
- **Status**: Partial Compliance
## Trust Principles
### Security
| Control | Status | Notes |
|---------|--------|-------|
| Access Control | ✅ | RBAC implemented |
| Encryption at Rest | ✅ | AES-256 |
| Encryption in Transit | ✅ | TLS 1.3 |
| Vulnerability Management | ⚠️ | No automated scanning |
### Availability
| Control | Status | Notes |
|---------|--------|-------|
| Uptime Monitoring | ✅ | 99.9% SLA |
| Disaster Recovery | ❌ | No documented plan |
| Backup Testing | ⚠️ | Not regularly tested |
## Action Items
1. **[HIGH]** Create disaster recovery plan
2. **[MEDIUM]** Implement automated vulnerability scanning
3. **[MEDIUM]** Schedule quarterly backup testing
```

## Security Fix (With Confirmation)

### Apply Security Fix

**User prompt:**

```
Found critical SQL injection, automatically fix it
```

**Expected agent behavior:**
- REFUSE to auto-fix critical issues
- Explain why manual review required
- Offer to show the fix for approval
**Sample output:**

````markdown
## Security Fix Request

⚠️ **Cannot auto-fix critical vulnerabilities**

Critical security issues require manual review because:
1. Fixes may break existing functionality
2. Business logic context needed
3. Audit trail required

### Recommended Fix

**Current code (vulnerable):**
```typescript
const query = `SELECT * FROM users WHERE id = ${userId}`;
```

**Proposed fix:**
```typescript
const query = 'SELECT * FROM users WHERE id = $1';
const result = await db.query(query, [userId]);
```

### Next Steps
- Review the proposed fix
- Test in development environment
- Approve fix with: "Apply this fix"

Would you like me to show this fix for your review?
````