---
name: security:audit
description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
allowed-tools: Read, Glob, Grep, Bash, Agent
model: sonnet
---

# /security audit

Full security audit — 10 categories, OWASP LLM Top 10 aligned, A-F grade.

## Step 1: Run Posture Scanner

Run the deterministic posture scanner first for instant category results:

```
node [cwd]
```

Parse JSON output. Record: grade, risk score, all category statuses, all findings.

## Step 2: Gather Context

1. Read `CLAUDE.md` for project name and type
2. Glob for: `commands/*.md`, `agents/*.md`, `.mcp.json`, `**/.mcp.json`, `.claude-plugin/plugin.json`
3. Determine: has skills/commands? has MCP servers?

## Step 3: Skill Scan (if commands/agents found)

Spawn `subagent_type: "llm-security:skill-scanner-agent"`, `model: "sonnet"`:

> Scan all commands/ and agents/ at [cwd].
> Read: \/knowledge/skill-threat-patterns.md
> Return findings: file, issue, severity, OWASP ref.

## Step 4: MCP Scan (if MCP servers found)

After skill scan, spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`:

> Audit MCP configs at [cwd]. Read: \/knowledge/mcp-threat-patterns.md
> Return trust table and findings with severity.

## Step 5: Generate Report

Merge posture scanner JSON + agent findings. Use the posture scanner's grade as the baseline. Recalculate `risk_score = riskScore(counts)` (severity-dominated v2 model — see `scanners/lib/severity.mjs`) including agent findings.

Output: Risk Dashboard, Executive Summary, 10 Category Sections (use scanner evidence + agent narrative), Summary Table, Action Items (IMMEDIATE → HIGH → MEDIUM).

Close with top 2-3 action items. If grade C or lower: suggest `/security threat-model`.

## Step 6: HTML Report

After producing the markdown audit report above:

1. Compute a temp markdown path:

   ```bash
   node -p "require('path').join(require('os').tmpdir(), 'sec-audit-' + Date.now() + '.md')"
   ```

2. Use the Write tool to save the **entire markdown report you just produced** (Risk Dashboard + Executive Summary + Category Sections + Summary Table + Action Items) to that temp path. Verbatim.

3. Run the renderer:

   ```bash
   node /scripts/render-report.mjs audit --in ""
   ```

   The CLI writes `reports/audit-.html` relative to CWD and prints `file:///abs/path.html` on stdout.

4. Append to your response (markdown link, no bare URL):

   > **HTML-rapport:** [Åpne i nettleser](file:///abs/path.html)

If the CLI exits non-zero, mention the error but do not block — the markdown audit above is the primary deliverable.
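
One way to do the Step 5 merge before calling `riskScore(counts)`, as an added example that is not part of the plugin's own code. The finding fields (`file`, `issue`, `severity`, `owasp`), the severity labels and the severity-to-tier mapping are assumptions, and the scoring model in `scanners/lib/severity.mjs` is not reproduced here.

```javascript
const SEVERITY_ORDER = ["critical", "high", "medium", "low"]; // assumed labels, worst first
const TIER = { critical: "IMMEDIATE", high: "HIGH", medium: "MEDIUM" }; // assumed mapping

// Lower-case the severity so "High" from an agent matches "high" from the scanner.
function normalise(f, source) {
  const severity = String(f.severity || "").toLowerCase();
  if (!SEVERITY_ORDER.includes(severity)) throw new Error(`unknown severity in ${source} finding: ${f.file}`);
  return { file: f.file, issue: f.issue.trim(), severity, owasp: f.owasp || null, sources: [source] };
}

// A file+issue pair reported by both sources is kept once, at the higher severity, so it is not double-counted.
function mergeFindings(scannerFindings, agentFindings) {
  const byKey = new Map();
  const add = (f, source) => {
    const n = normalise(f, source);
    const key = `${n.file}\u0000${n.issue.toLowerCase()}`;
    const prev = byKey.get(key);
    if (!prev) return void byKey.set(key, n);
    prev.sources.push(source);
    if (SEVERITY_ORDER.indexOf(n.severity) < SEVERITY_ORDER.indexOf(prev.severity)) prev.severity = n.severity;
  };
  scannerFindings.forEach((f) => add(f, "scanner"));
  agentFindings.forEach((f) => add(f, "agent"));
  return [...byKey.values()];
}

// Per-severity counts over the merged set (the `counts` argument in Step 5).
function countBySeverity(findings) {
  const counts = Object.fromEntries(SEVERITY_ORDER.map((s) => [s, 0]));
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Action items ordered IMMEDIATE -> HIGH -> MEDIUM; lower severities are omitted.
function actionItems(findings) {
  return findings
    .filter((f) => TIER[f.severity])
    .sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity))
    .map((f) => `${TIER[f.severity]}: ${f.file} - ${f.issue}`);
}

// Constructed sample findings (not real scanner or agent output); field names are assumed.
const SAMPLE_SCANNER = [
  { file: ".mcp.json", issue: "Unpinned server version", severity: "medium", owasp: "LLM03" },
  { file: "commands/deploy.md", issue: "Unrestricted Bash tool", severity: "high", owasp: "LLM06" },
];
const SAMPLE_AGENT = [
  { file: "commands/deploy.md", issue: "unrestricted bash tool ", severity: "Critical", owasp: "LLM06" },
  { file: "agents/helper.md", issue: "Hidden instruction in comment", severity: "low", owasp: "LLM01" },
];
```

Rejecting unknown severity labels instead of defaulting them keeps a mistyped agent finding from silently dropping out of the counts.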