security-audit-skill  by cloudflare

AI-powered multi-phase security auditing for codebases

Created 2 weeks ago

New!

2,333 stars

Top 18.9% on SourcePulse

GitHubView on GitHub
Project Summary

This skill transforms a coding agent into a sophisticated security auditor, automating multi-phase code analysis to uncover exploitable vulnerabilities. It is designed for developers and security researchers seeking independently verified, machine-readable findings, significantly enhancing code security through an AI-driven, structured approach.

How It Works

The skill orchestrates a six-phase pipeline: Reconnaissance maps the application's architecture, followed by parallel Hunting agents attacking the codebase from diverse angles. Validation agents then perform adversarial reviews to eliminate false positives. Reporting generates human-readable and detailed findings, which are then structured into machine-readable findings.json conforming to report-schema.json. Finally, Independent Verification agents confirm factual claims against the source code. This approach leverages parallel processing, adversarial validation, and additive runs to systematically identify and confirm vulnerabilities.

Quick Start & Requirements

  • Install: Use the Skills CLI: npx skills add https://github.com/cloudflare/security-audit-skill --skill security-audit
  • Prerequisites: Requires a coding agent capable of tool use and parallel sub-agents. Node.js is necessary for Phase 5 schema validation (validate-findings.cjs).
  • Usage: Activate by prompting your coding agent with commands like "security audit this codebase" or "find security vulnerabilities."
  • Output: Findings are saved to ~/security-audit-skill/<repo-name>/run-<N>/ by default, or a user-specified directory.

Highlighted Details

  • Employs a six-phase pipeline: Recon, Hunting, Validation, Reporting, Structured Output, and Independent Verification.
  • Supports a wide array of attack classes, including injection, access control, business logic, cryptography, memory safety, AI/LLM specific vulnerabilities, and client-side exploits.
  • Findings are machine-readable (findings.json) and validated against a formal schema (report-schema.json).
  • Multiple runs are additive, improving vulnerability discovery coverage by exploring different code paths and skipping previously identified issues.

Maintenance & Community

For questions, feedback, or discussions on AI-driven security tooling, contact security-ai-research@cloudflare.com.

Licensing & Compatibility

  • License: MIT.
  • Compatibility: The MIT license permits commercial use and integration into closed-source projects without copyleft obligations.

Limitations & Caveats

A single audit run identifies approximately half of the total vulnerabilities; multiple runs are recommended for comprehensive coverage. The skill strictly focuses on exploitable vulnerabilities with concrete attack scenarios, rather than theoretical risks or deviations from checklists. Gaps in defense-in-depth are categorized as hardening suggestions rather than direct vulnerabilities.

Health Check
Last Commit

2 days ago

Responsiveness

Inactive

Pull Requests (30d)
4
Issues (30d)
2
Star History
2,333 stars in the last 20 days

Explore Similar Projects

Feedback? Help us improve.