The best AI skills for security audit做安全审计最好用的

Skills that review risky code, API surfaces, permissions, and security-sensitive workflows.审查高风险代码、API 暴露面、权限边界和安全敏感工作流的 skill。

Editor rank · 编辑排名 Stars · 星标数 Updated · 最近更新

All Claude Code Codex Cursor Cline OpenClaw Hermes Anthropic Skills MCP Generic

All Low Medium

Editor's picks编辑精选榜单

2026-05-16 last re-ranked · 上次重排

#1Gold · 金

wooyun-legacy

★ Editor's Choice· 编辑首选

by tanweai·updated 3w ago

WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorizati

“

WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. Use for ANY security testing, auditing, or code review of web apps, APIs, or business systems — even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, 渗透测试, 安全审计, 漏洞挖掘, 支付安全, 越权, 逻辑漏洞, 业务安全, SRC, 代码审计. Also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "帮我测测这个接口", "这个参数能不能改", "帮我找bug".

Claude CodeCodexLow risk · 低风险$

—

rating · 评分

1.6k

stars · 星标

View看详情 →

Why we didn't pick these为什么没选这些

Also common, but didn't make the picks同样常见，但未入精选

supply chain risk auditor
Workflows that require stronger human review than this catalog entry documents.
需要比当前目录条目更严格人工复核的工作流。
tsa risk
Workflows that require stronger human review than this catalog entry documents.
需要比当前目录条目更严格人工复核的工作流。
tsa risk
Workflows that require stronger human review than this catalog entry documents.
需要比当前目录条目更严格人工复核的工作流。

Didn't find what you need?没看到合适的 skill？

Tell us your pain points and we'll go look.把你的痛点告诉我们，我们会去找。

Compare top 3对比 Top 3 →Request a skill提交需求 →