codex-security-audit-skill
v1.0.0
Published
Codex skill for practical security audits of codebases, SaaS apps, APIs, and MVPs.
Downloads
66
Maintainers
Readme
Codex Security Audit Skill
A Codex skill for practical security audits of codebases, SaaS apps, APIs, mobile apps, and MVPs before launch.
Install From GitHub
npm install -g github:Kappaemme-git/codex-security-audit-skill
codex-security-audit-skillOr run without a global install:
npx github:Kappaemme-git/codex-security-audit-skillAfter the package is published to npm, users can install it with:
npm install -g codex-security-audit-skill
npx codex-security-audit-skillThe installer copies the skill to:
~/.codex/skills/codex-security-audit-skillRestart Codex or open a new chat if the skill autocomplete does not refresh immediately.
Use
In Codex, open a project and ask:
Use codex-security-audit-skill on this project.
Check secrets, auth, authorization, API routes, CORS, payments, webhooks, file uploads, logging, dependencies, and deploy config.
Give me confirmed findings, risk level, and the fastest safe fix plan.You can also ask Codex to implement fixes:
Use codex-security-audit-skill and implement the Critical and High fixes.What It Checks
- Exposed secrets and hardcoded credentials
- Authentication and session risks
- Authorization and multi-tenant data access bugs
- Input validation and injection risks
- CORS, CSRF, headers, and rate limits
- File upload handling
- Payment and webhook verification
- Dependency and supply-chain hygiene
- Logging, privacy, and production config issues
Included Utility
The skill includes a lightweight local secret-pattern scanner:
python3 ~/.codex/skills/codex-security-audit-skill/scripts/scan_secrets.py /path/to/projectThe scanner output is only a first pass. Treat matches as leads that need code review.
