security_audit
Analyze code for security vulnerabilities, OWASP compliance, and data flow issues across projects to identify and address potential security risks.
Instructions
Perform comprehensive security audit across entire project, analyzing data flows, authentication chains, and cross-file vulnerabilities with OWASP compliance checking
WORKFLOW: Perfect for understanding complex code, identifying issues, and technical debt assessment
TIP: Use Desktop Commander to read files, then pass content here for analysis
SAVES: Claude context for strategic decisions
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| analysisDepth | No | Level of analysis detail | detailed |
| analysisType | No | Type of analysis to perform | comprehensive |
| auditDepth | No | Depth of security audit | standard |
| code | No | The code to analyze for security issues (for single-file analysis) | |
| filePath | No | Path to single file to analyze for security vulnerabilities | |
| files | No | Array of specific file paths (for multi-file analysis) | |
| focusAreas | No | Specific areas to focus on: authentication, data-flow, input-validation, authorization | |
| includeOwasp | No | Include OWASP Top 10 checks | |
| language | No | Programming language | javascript |
| maxDepth | No | Maximum directory depth for multi-file discovery (1-5) | |
| projectPath | No | Absolute path to project root directory | |
| projectType | No | Project type for specific security checks | generic |
Implementation Reference
- The main execute method of the SecurityAuditor class, which implements the core logic for the 'security_audit' tool. It detects single-file or multi-file mode, validates params, sets up the model, and routes to the appropriate analysis handler.

  ```typescript
  async execute(params: any, llmClient: any) {
    return await withSecurity(this, params, llmClient, async (secureParams) => {
      try {
        // 1. Auto-detect analysis mode based on parameters
        const analysisMode = this.detectAnalysisMode(secureParams);

        // 2. Validate parameters based on detected mode
        this.validateParameters(secureParams, analysisMode);

        // 3. Setup model
        const { model, contextLength } = await ModelSetup.getReadyModel(llmClient);

        // 4. Route to appropriate analysis method
        if (analysisMode === 'single-file') {
          return await this.executeSingleFileAnalysis(secureParams, model, contextLength);
        } else {
          return await this.executeMultiFileAnalysis(secureParams, model, contextLength);
        }
      } catch (error: any) {
        return ErrorHandler.createExecutionError('security_audit', error);
      }
    });
  }
  ```
- Tool metadata including name 'security_audit' and complete input parameters schema supporting single-file and multi-file security audits.

  ```typescript
  name = 'security_audit';
  category = 'analyze' as const;
  description = 'Perform comprehensive security audit across entire project, analyzing data flows, authentication chains, and cross-file vulnerabilities with OWASP compliance checking';

  // Universal parameter set - supports both single and multi-file scenarios
  parameters = {
    // Single-file parameters
    code: {
      type: 'string' as const,
      description: 'The code to analyze for security issues (for single-file analysis)',
      required: false
    },
    filePath: {
      type: 'string' as const,
      description: 'Path to single file to analyze for security vulnerabilities',
      required: false
    },

    // Multi-file parameters
    projectPath: {
      type: 'string' as const,
      description: 'Absolute path to project root directory',
      required: false
    },
    files: {
      type: 'array' as const,
      description: 'Array of specific file paths (for multi-file analysis)',
      required: false,
      items: { type: 'string' as const }
    },
    maxDepth: {
      type: 'number' as const,
      description: 'Maximum directory depth for multi-file discovery (1-5)',
      required: false,
      default: 4
    },

    // Security-specific parameters
    projectType: {
      type: 'string' as const,
      description: 'Project type for specific security checks',
      required: false,
      enum: ['wordpress-plugin', 'wordpress-theme', 'react-app', 'react-component', 'node-api', 'browser-extension', 'cli-tool', 'n8n-node', 'n8n-workflow', 'html-component', 'generic'],
      default: 'generic'
    },
    auditDepth: {
      type: 'string' as const,
      description: 'Depth of security audit',
      enum: ['basic', 'standard', 'comprehensive'],
      default: 'standard',
      required: false
    },
    includeOwasp: {
      type: 'boolean' as const,
      description: 'Include OWASP Top 10 checks',
      required: false,
      default: true
    },
    focusAreas: {
      type: 'array' as const,
      description: 'Specific areas to focus on: authentication, data-flow, input-validation, authorization',
      required: false,
      items: { type: 'string' as const }
    },

    // Universal parameters
    language: {
      type: 'string' as const,
      description: 'Programming language',
      required: false,
      default: 'javascript'
    },
    analysisDepth: {
      type: 'string' as const,
      description: 'Level of analysis detail',
      enum: ['basic', 'detailed', 'comprehensive'],
      default: 'detailed',
      required: false
    },
    analysisType: {
      type: 'string' as const,
      description: 'Type of analysis to perform',
      enum: ['security', 'owasp', 'comprehensive'],
      default: 'comprehensive',
      required: false
    }
  };
  ```
- src/validation/schemas.ts:34-69 (schema) Output schema definition for security_audit responses, defining structure for summary, vulnerabilities, dependencies, etc.

  ```typescript
  export interface SecurityAuditResponse extends BaseResponse {
    data: {
      summary: {
        riskLevel: "critical" | "high" | "medium" | "low";
        totalVulnerabilities: number;
        criticalCount: number;
        highCount: number;
        mediumCount: number;
        lowCount: number;
      };
      vulnerabilities: Array<{
        type: string;
        severity: "critical" | "high" | "medium" | "low";
        description: string;
        location: {
          file?: string;
          line?: number;
          column?: number;
          code?: string;
        };
        recommendation: string;
        owaspCategory?: string;
        cwe?: string;
      }>;
      dependencies?: {
        vulnerable: Array<{
          packageName: string;
          version: string;
          vulnerability: string;
          severity: string;
        }>;
      };
      recommendations: string[];
      passedChecks: string[];
    };
  }
  ```
- src/validation/schemas.ts:520-520 (registration) Registration of 'security_audit' tool in the FunctionResponseMap type mapping.

  ```typescript
  'security_audit': SecurityAuditResponse;
  ```
- Helper factory method to create properly formatted SecurityAuditResponse objects.

  ```typescript
  static createSecurityAuditResponse(
    summary: SecurityAuditResponse['data']['summary'],
    vulnerabilities: SecurityAuditResponse['data']['vulnerabilities'],
    recommendations: string[],
    passedChecks: string[],
    dependencies: SecurityAuditResponse['data']['dependencies'] | undefined,
    modelUsed: string
  ): SecurityAuditResponse {
    return {
      success: true,
      timestamp: new Date().toISOString(),
      modelUsed,
      executionTimeMs: this.getExecutionTime(),
      data: {
        summary,
        vulnerabilities,
        dependencies,
        recommendations,
        passedChecks
      }
    };
  }
  ```
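
The factory above takes `summary` and `vulnerabilities` as independent arguments, so nothing shown on this page ties the reported counts to the list of findings. The following is an added example, not part of the project's code, of a consumer-side check that recomputes the summary before a pipeline acts on it. The helper names `recomputeSummary` and `summaryMismatches`, and the rule that `riskLevel` is the highest severity present, are assumptions; the sample data is constructed.

```typescript
// Added example: types mirror the SecurityAuditResponse fields shown on this page.
type Severity = "critical" | "high" | "medium" | "low";
interface Summary {
  riskLevel: Severity; totalVulnerabilities: number;
  criticalCount: number; highCount: number; mediumCount: number; lowCount: number;
}
interface Finding { type: string; severity: Severity; description: string; recommendation: string; }

const ORDER: Severity[] = ["critical", "high", "medium", "low"];

// Hypothetical helper: rebuild the summary from the findings themselves.
// Assumption: riskLevel is the highest severity present ("low" when there are none).
function recomputeSummary(findings: Finding[]): Summary {
  const n: Record<Severity, number> = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) {
    if (f.severity in n) n[f.severity] += 1; // skip values outside the enum
  }
  const riskLevel: Severity = ORDER.filter((s) => n[s] > 0)[0] || "low";
  return {
    riskLevel, totalVulnerabilities: findings.length,
    criticalCount: n.critical, highCount: n.high, mediumCount: n.medium, lowCount: n.low,
  };
}

// Hypothetical helper: list out-of-enum severities and every summary field
// that disagrees with the findings. An empty result means the two are consistent.
function summaryMismatches(reported: Summary, findings: Finding[]): string[] {
  const actual = recomputeSummary(findings);
  const bad = findings
    .filter((f) => ORDER.indexOf(f.severity) === -1)
    .map((f) => `severity outside schema enum: ${String(f.severity)}`);
  const diffs = (Object.keys(actual) as (keyof Summary)[])
    .filter((k) => reported[k] !== actual[k])
    .map((k) => `${k}: reported ${reported[k]}, recomputed ${actual[k]}`);
  return bad.concat(diffs);
}

// Constructed sample data, not real tool output: the summary understates the risk.
const sampleFindings: Finding[] = [
  { type: "sql-injection", severity: "critical", description: "constructed", recommendation: "constructed" },
  { type: "missing-csrf-token", severity: "medium", description: "constructed", recommendation: "constructed" },
];
const sampleReported: Summary = {
  riskLevel: "medium", totalVulnerabilities: 2,
  criticalCount: 0, highCount: 0, mediumCount: 2, lowCount: 0,
};
console.log(summaryMismatches(sampleReported, sampleFindings));
```

A build gate that keys on `summary.riskLevel` or `criticalCount` can fail closed whenever `summaryMismatches` returns a non-empty list.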