50 lines
1.8 KiB
Markdown
50 lines
1.8 KiB
Markdown
---
|
|
name: security:audit
|
|
description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
|
|
allowed-tools: Read, Glob, Grep, Bash, Agent
|
|
model: sonnet
|
|
---
|
|
|
|
# /security audit
|
|
|
|
Full security audit — 10 categories, OWASP LLM Top 10 aligned, A-F grade.
|
|
|
|
## Step 1: Run Posture Scanner
|
|
|
|
Run the deterministic posture scanner first for instant category results:
|
|
|
|
```
|
|
node <this plugin's scanners/posture-scanner.mjs> [cwd]
|
|
```
|
|
|
|
Parse JSON output. Record: grade, risk score, all category statuses, all findings.
|
|
|
|
## Step 2: Gather Context
|
|
|
|
1. Read `CLAUDE.md` for project name and type
|
|
2. Glob for: `commands/*.md`, `agents/*.md`, `.mcp.json`, `**/.mcp.json`, `.claude-plugin/plugin.json`
|
|
3. Determine: has skills/commands? has MCP servers?
|
|
|
|
## Step 3: Skill Scan (if commands/agents found)
|
|
|
|
Spawn `subagent_type: "llm-security:skill-scanner-agent"`, `model: "sonnet"`:
|
|
|
|
> Scan all commands/ and agents/ at [cwd].
|
|
> Read: \<plugin-root\>/knowledge/skill-threat-patterns.md
|
|
> Return findings: file, issue, severity, OWASP ref.
|
|
|
|
## Step 4: MCP Scan (if MCP servers found)
|
|
|
|
After skill scan, spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`:
|
|
|
|
> Audit MCP configs at [cwd]. Read: \<plugin-root\>/knowledge/mcp-threat-patterns.md
|
|
> Return trust table and findings with severity.
|
|
|
|
## Step 5: Generate Report
|
|
|
|
Merge posture scanner JSON + agent findings. Use the posture scanner's grade as the baseline.
|
|
Recalculate `risk_score = min(100, critical*25 + high*10 + medium*4 + low*1)` including agent findings.
|
|
|
|
Output: Risk Dashboard, Executive Summary, 10 Category Sections (use scanner evidence + agent narrative), Summary Table, Action Items (IMMEDIATE → HIGH → MEDIUM).
|
|
|
|
Close with top 2-3 action items. If grade C or lower: suggest `/security threat-model`.
|