Releases: McGo/claude-code-security-audit

v1.0.0

06 Feb 11:12

Security Audit Skill for Claude Code — Initial Release

A global Claude Code skill that performs comprehensive security audits on any codebase. Run /security-audit in any project to get classified findings, actionable epics, and a professional PDF report.

Features

  • 7 audit categories — Source Code, Auth, Docker, CI/CD, Dependencies, Configuration, Network
  • Severity classification — Findings rated as CRITICAL, HIGH, MEDIUM, LOW
  • Actionable epics — Auto-generated epics in docs/epics/ with concrete tickets, file/line references, fix suggestions, and acceptance criteria
  • PDF report — Professional report with executive summary, security score (A–D rating), risk matrix, and OWASP/CWE/NIST references
  • Category filtering — Audit specific areas: docker, api, auth, dependencies, config, network
  • Multi-language — English (default) and German (lang=de)
  • Review mode — Follow-up audits produce timestamped review PDFs alongside the original baseline
  • Epic continuity — Subsequent reviews update existing epics, resolving fixed issues without losing history
  • Cross-platform — Auto-detects Chrome (macOS, Linux, Windows/WSL) for PDF generation

Installation

git clone git@github.com:McGo/claude-code-security-audit.git
cd claude-code-security-audit
./install.sh

The installer creates a single symlink (~/.claude/skills/security-audit) — no packages, no binaries, no PATH changes.

Requirements

License

MIT