Discover and explore top open-source AI tools and projects—updated daily.
cloudflareAI-powered multi-phase security auditing for codebases
New!
Top 18.9% on SourcePulse
This skill transforms a coding agent into a sophisticated security auditor, automating multi-phase code analysis to uncover exploitable vulnerabilities. It is designed for developers and security researchers seeking independently verified, machine-readable findings, significantly enhancing code security through an AI-driven, structured approach.
How It Works
The skill orchestrates a six-phase pipeline: Reconnaissance maps the application's architecture, followed by parallel Hunting agents attacking the codebase from diverse angles. Validation agents then perform adversarial reviews to eliminate false positives. Reporting generates human-readable and detailed findings, which are then structured into machine-readable findings.json conforming to report-schema.json. Finally, Independent Verification agents confirm factual claims against the source code. This approach leverages parallel processing, adversarial validation, and additive runs to systematically identify and confirm vulnerabilities.
Quick Start & Requirements
npx skills add https://github.com/cloudflare/security-audit-skill --skill security-auditvalidate-findings.cjs).~/security-audit-skill/<repo-name>/run-<N>/ by default, or a user-specified directory.Highlighted Details
findings.json) and validated against a formal schema (report-schema.json).Maintenance & Community
For questions, feedback, or discussions on AI-driven security tooling, contact security-ai-research@cloudflare.com.
Licensing & Compatibility
Limitations & Caveats
A single audit run identifies approximately half of the total vulnerabilities; multiple runs are recommended for comprehensive coverage. The skill strictly focuses on exploitable vulnerabilities with concrete attack scenarios, rather than theoretical risks or deviations from checklists. Gaps in defense-in-depth are categorized as hardening suggestions rather than direct vulnerabilities.
2 days ago
Inactive