Code Security Audit
Comprehensive code security audit toolkit combining OWASP Top 10 vulnerability scanning, dependency analysis, secret detection, SSL/TLS verification, AI Agent security checks, and automated security scoring. Use when auditing codebases, scanning for vulnerabilities, detecting hardcoded secrets, checking OWASP compliance, AI/LLM application security, or preparing for security reviews.
Installation / Download
TotalClaw CLI (recommended)
totalclaw install skilldb:wisdomsword~code-security-audit
cURL (direct download, no login required)
curl -fsSL https://skills.taituai.com/api/skills/skilldb%3Awisdomsword~code-security-audit/file -o code-security-audit.md
Git repository (get the source)
git clone https://github.com/openclaw/skills/commit/438f6f77d6db3640da02e20c33cf7bc59bda0d94
# Code Security Audit
**Unified security audit toolkit** combining OWASP Top 10 vulnerability scanning, dependency analysis, secret detection, SSL/TLS verification, AI Agent security checks, and automated security scoring.
## Overview
This skill merges the best of `security-auditor` and `security-audit-toolkit` into a comprehensive security auditing solution:
- ✅ **OWASP Top 10 Vulnerability Detection** - All 10 categories with code patterns
- ✅ **Dependency Vulnerability Scanning** - npm, pip, cargo, go modules
- ✅ **Secret Detection** - 70+ API key patterns, credentials, private keys, crypto wallets
- ✅ **SSL/TLS Verification** - Certificate validation, cipher suite checks
- ✅ **AI Agent Security** - Numeric risks, prompt injection, crypto wallet safety (NEW)
- ✅ **Security Scoring** - Quantified 0-100 security score
- ✅ **Auto-Fix Suggestions** - Actionable remediation recommendations
- ✅ **Multi-Language Support** - JS/TS, Python, Go, Java, Rust, PHP, Ruby, Solidity
- ✅ **CI/CD Integration** - GitHub Actions, GitLab CI templates
## Quick Start
```bash
# Full security audit with scoring
./scripts/security-audit.sh --full
# Quick scan (secrets + dependencies only)
./scripts/security-audit.sh --quick
# OWASP Top 10 check
./scripts/security-audit.sh --owasp
# AI Agent security check (NEW - inspired by Lobstar Wilde incident)
./scripts/security-audit.sh --ai
# Dependency vulnerabilities only
./scripts/security-audit.sh --deps
# Secret detection only
./scripts/security-audit.sh --secrets
# SSL/TLS verification
./scripts/security-audit.sh --ssl example.com
```
## Security Score Calculation
| Category | Weight | Max Points |
|----------|--------|------------|
| OWASP Top 10 Compliance | 25% | 25 |
| AI Agent Security | 15% | 15 |
| Dependency Security | 20% | 20 |
| Secret Management | 15% | 15 |
| SSL/TLS Configuration | 10% | 10 |
| Code Quality (Security) | 10% | 10 |
| Documentation & Policies | 5% | 5 |
| **Total** | **100%** | **100** |
### Score Interpretation
| Score | Risk Level | Action |
|-------|------------|--------|
| 90-100 | ✅ Low | Continue monitoring |
| 70-89 | ⚠️ Medium | Address findings within 1 week |
| 50-69 | 🔶 High | Priority fixes required |
| 0-49 | 🚨 Critical | Immediate remediation needed |
---
## 1. OWASP Top 10 Detection
### A01:2021 - Broken Access Control
**Detection Patterns:**
```bash
# Find endpoints without authentication
grep -rn "app\.\(get\|post\|put\|delete\|patch\)" --include='*.ts' --include='*.js' . | \
grep -v "authenticate\|auth\|isLoggedIn\|requireAuth"
# Find direct object references without ownership check
grep -rn "params\.id\|req\.params\." --include='*.ts' --include='*.js' . | \
grep -v "userId\|authorId\|ownerId\|belongsTo"
```
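A tightened variant of the route check above, as an added example that is not part of the skill's own scripts: the `grep -v "auth"` filter also hides any route whose path merely contains `auth` (such as `/api/authors`), so this version exempts a line only when an auth middleware is passed as an argument. The middleware names and the sample file are constructed assumptions.

```bash
# Added example, not part of the skill's scripts.
# Assumption: these are the project's auth middleware identifiers.
AUTH_MW='authenticate|requireAuth|isLoggedIn'

# The page's pattern: drops every line containing the substring "auth".
page_pattern() {
  ( cd "$1" &&
    grep -rn "app\.\(get\|post\|put\|delete\|patch\)" --include='*.ts' --include='*.js' . |
      grep -v "authenticate\|auth\|isLoggedIn\|requireAuth" )
}

# Tightened: a route is exempt only if a middleware name appears as an argument.
unauth_routes() {
  ( cd "$1" &&
    grep -rnE 'app\.(get|post|put|delete|patch)\(' --include='*.ts' --include='*.js' . |
      grep -vE "[,(][[:space:]]*($AUTH_MW)[[:space:]]*[,)]" )
}

# Constructed sample project; prints the temp directory it created.
make_sample() {
  _d=$(mktemp -d)
  cat > "$_d/routes.js" <<'EOF'
app.get('/api/posts', authenticate, listPosts)
app.delete('/api/authors/:id', deleteAuthor)
app.post('/api/login', loginHandler)
app.put('/api/posts/:id', requireAuth, updatePost)
EOF
  printf '%s\n' "$_d"
}

sample=$(make_sample)
echo "page pattern:"; page_pattern "$sample"
echo "tightened:";    unauth_routes "$sample"
rm -rf "$sample"
```

The tightened check still reports the intentionally public `/api/login` route, so its output is a review list rather than a list of confirmed findings.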
**Code Patterns:**
```typescript
// ❌ VULNERABLE: No authorization check
app.delete('/api/posts/:id', async (req, res) => {
  await db.post.delete({ where: { id: req.params.id } })
  res.json({ success: true })
})

// ✅ SECURE: Verify ownership
app.delete('/api/posts/:id', authenticate, async (req, res) => {
  const post = await db.post.findUnique({ where: { id: req.params.id } })
  if (!post) return res.status(404).json({ error: 'Not found' })
  if (post.authorId !== req.user.id && req.user.role !== 'admin') {
    return res.status(403).json({ error: 'Forbidden' })
  }
  await db.post.delete({ where: { id: req.params.id } })
  res.json({ success: true })
})
```
**Checklist:**
- [ ] Every endpoint verifies authentication
- [ ] Every data access verifies authorization
- [ ] CORS configured with specific origins (not `*`)
- [ ] Rate limiting on sensitive endpoints
- [ ] JWT tokens validated on every request
---
### A02:2021 - Cryptographic Failures
**Detection Patterns:**
```bash
# Find weak hashing algorithms
grep -rn "md5\|sha1\|SHA1\|MD5" --include='*.ts' --include='*.js' --include='*.py' . | \
grep -i "password\|secret\|token\|key"
# Find plaintext password storage
grep -rn "password\s*[:=]\s*['\"]" --include='*.ts' --include='*.js' --include='*.py' .
# Find disabled SSL verification
grep -rn "verify\s*=\s*False\|rejectUnauthorized.*false\|InsecureSkipVerify" \
--include='*.ts' --include='*.js' --include='*.py' --include='*.go' .
```
**Code Patterns:**
```typescript
import bcrypt from 'bcryptjs'
import https from 'https'

// ❌ VULNERABLE: Plaintext password
await db.user.create({ data: { password: req.body.password } })

// ✅ SECURE: Bcrypt with sufficient rounds
const hashedPassword = await bcrypt.hash(req.body.password, 12)
await db.user.create({ data: { password: hashedPassword } })

// ❌ VULNERABLE: Disabled SSL verification
const insecureAgent = new https.Agent({ rejectUnauthorized: false })

// ✅ SECURE: Proper SSL verification
const agent = new https.Agent({ rejectUnauthorized: true })
```
**Checklist:**
- [ ] Passwords hashed with bcrypt (12+ rounds) or argon2
- [ ] Sensitive data encrypted at rest (AES-256)
- [ ] TLS/HTTPS enforced for all connections
- [ ] No secrets in source code or logs
- [ ] API keys rotated regularly
---
### A03:2021 - Injection
**SQL Injection Detection:**
```bash
# Find string concatenation in queries
grep -rn "query\|execute\|raw\|cursor" --include='*.ts' --include='*.js' --include='*.py' . | \
grep -E "\\\$\{|\+.*\+|%s|format\(|f\""
# Find ORM raw queries with interpolation
grep -rn "\$queryRaw\|\.raw(" --include='*.ts' --include='*.js' . | \
grep -v "parameterized\|\$\$"
```
**Command Injection Detection:**
```bash
# Find dangerous command execution
grep -rn "exec\|spawn\|system\|popen\|subprocess\|os\.system\|child_process" \
--include='*.ts' --include='*.js' --include='*.py' --include='*.go' . | \
grep -v "execFile\|spawn.*array\|shell.*False"
```
**Code Patterns:**
```typescript
import { exec, execFile } from 'child_process'

// ❌ VULNERABLE: SQL injection
const query = `SELECT * FROM users WHERE email = '${email}'`

// ✅ SECURE: Parameterized queries
const user = await db.query('SELECT * FROM users WHERE email = $1', [email])

// ❌ VULNERABLE: Command injection (the string is passed to a shell)
const result = exec(`ls ${userInput}`)

// ✅ SECURE: Argument array, no shell; '--' stops the path being parsed as an option
execFile('ls', ['--', sanitizedPath], callback)
```
**Checklist:**
- [ ] All database queries use parameterized statements
- [ ] No string concatenation in queries
- [ ] OS commands use argument arrays
- [ ] No user input in `eval()`, `Function()`, or template code
---
### A04:2021 - Insecure Design
**Detection Patterns:**
```bash
# Find missing rate limiting
grep -rn "login\|signin\|auth" --include='*.ts' --include='*.js' . | \
grep -v "rateLimit\|throttle\|rate.limit"
# Find weak password requirements
grep -rn "password\|passwd" --include='*.ts' --include='*.js' . | \
grep -v "minLength\|min.*8\|complexity\|uppercase\|lowercase\|number\|special"
```
---
### A05:2021 - Security Misconfiguration
**Detection Patterns:**
```bash
# Find debug mode enabled
grep -rn "DEBUG\s*=\s*true\|debug:\s*true\|NODE_ENV.*development" \
--include='*.ts' --include='*.js' --include='*.env' --include='*.yaml' --include='*.json' .
# Find CORS wildcard
grep -rn "Access-Control-Allow-Origin.*\*\|cors({.*origin.*true" \
--include='*.ts' --include='*.js' .
# Find exposed stack traces
grep -rn "stack\|traceback\|stackTrace" --include='*.ts' --include='*.js' . | \
grep -i "response\|send\|return\|res\."
```
**Security Headers Check:**
```bash
# Check security headers on a URL
curl -sI https://example.com | grep -iE 'strict-transport|content-security|x-frame|x-content-type|referrer-policy|permissions-policy'
```
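The `curl | grep` check above prints only the headers that are present. As an added example (not part of the skill's scripts), this function reports the ones that are missing instead; the full header names are expanded from the grep pattern above and the sample response is constructed.

```bash
# Added example, not part of the skill's scripts.
# Full names of the headers matched by the grep pattern above.
REQUIRED_HEADERS='strict-transport-security content-security-policy x-frame-options x-content-type-options referrer-policy permissions-policy'

# Read raw response headers on stdin; print each required header that is absent.
# Usage: curl -sI https://example.com | missing_security_headers
missing_security_headers() {
  # Normalise: strip CRs, lowercase, keep only the header names.
  hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]' |
         sed -n 's/^\([a-z0-9-]*\):.*/\1/p')
  for h in $REQUIRED_HEADERS; do
    printf '%s\n' "$hdrs" | grep -qxF "$h" || printf '%s\n' "$h"
  done
}

# Constructed response: three of the six headers are set.
sample_response() {
  printf 'HTTP/2 200\r\n'
  printf 'content-type: text/html\r\n'
  printf 'Strict-Transport-Security: max-age=31536000\r\n'
  printf 'X-Frame-Options: DENY\r\n'
  printf 'X-Content-Type-Options: nosniff\r\n'
  printf '\r\n'
}

sample_response | missing_security_headers
```

An empty result means all six headers are present; it says nothing about whether their values are strict enough.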
---
### A06:2021 - Vulnerable Components
**Node.js:**
```bash
# Built-in npm audit
npm audit --audit-level=moderate
# JSON output for CI
npm audit --json | jq '.vulnerabilities | to_entries[] | select(.value.severity == "high" or .value.severity == "critical")'
# Auto-fix where possible
npm audit fix
# Audit from package-lock.json only (no node_modules install needed)
npm audit --package-lock-only
```
**Python:**
```bash
# pip-audit
pip-audit -r requirements.txt
# safety
safety check -r requirements.txt --json
```
**Go:**
``