PHPackages netresearch/agent-security-audit - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. netresearch/agent-security-audit ActiveAi-agent-skill[Security](/categories/security) netresearch/agent-security-audit ================================ Netresearch AI skill for security audits (OWASP, CWE, CVSS). Universal patterns + deep PHP/TYPO3 scanning with 80+ checkpoints. v2.6.0(1mo ago)801[1 PRs](https://github.com/netresearch/security-audit-skill/pulls)(MIT AND CC-BY-SA-4.0)ShellCI passing Since Dec 16Pushed 2mo ago1 watchersCompare [ Source](https://github.com/netresearch/security-audit-skill)[ Packagist](https://packagist.org/packages/netresearch/agent-security-audit)[ RSS](/packages/netresearch-agent-security-audit/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (2)Versions (26)Used By (0) Security Audit Skill ==================== [](#security-audit-skill) Security audit patterns (OWASP Top 10, CWE Top 25 2025, CVSS v4.0) and GitHub project security checks for **any project**. Deep automated PHP/TYPO3 code scanning with 80+ checkpoints, 19 reference guides, and PreToolUse warnings. Compatibility ------------- [](#compatibility) This is an **Agent Skill** following the [open standard](https://agentskills.io) originally developed by Anthropic and released for cross-platform use. **Supported Platforms:** - Claude Code (Anthropic) - Cursor - GitHub Copilot - Other skills-compatible AI agents > Skills are portable packages of procedural knowledge that work across any AI agent supporting the Agent Skills specification. Features -------- [](#features) - **Vulnerability Assessment**: XXE injection, SQL injection, XSS, CSRF, command injection, path traversal, file upload vulnerabilities, insecure deserialization, SSRF, type juggling, SSTI, JWT flaws, LDAP injection, email header injection, session fixation - **Risk Scoring**: CVSS v3.1 and v4.0 scoring methodology, risk matrix assessment, impact and likelihood analysis, prioritization frameworks - **Secure Coding**: Input validation, output encoding, cryptographic best practices (sodium), session management, authentication patterns, security headers - **Standards Compliance**: OWASP Top 10, CWE Top 25 (2025), OWASP ASVS v4.0, Proactive Controls — applicable to any project - **PHP/TYPO3 Deep Scanning**: 80+ automated checkpoints, PHP 8.x security features, framework patterns (TYPO3, Symfony, Laravel) - **DevSecOps**: CI/CD security pipeline, SAST, dependency scanning, supply chain security, SLSA Installation ------------ [](#installation) ### Marketplace (Recommended) [](#marketplace-recommended) Add the [Netresearch marketplace](https://github.com/netresearch/claude-code-marketplace) once, then browse and install skills: ``` # Claude Code /plugin marketplace add netresearch/claude-code-marketplace ``` ### npx ([skills.sh](https://skills.sh)) [](#npx-skillssh) Install with any [Agent Skills](https://agentskills.io)-compatible agent: ``` npx skills add https://github.com/netresearch/security-audit-skill --skill security-audit ``` ### Download Release [](#download-release) Download the [latest release](https://github.com/netresearch/security-audit-skill/releases/latest) and extract to your agent's skills directory. ### Git Clone [](#git-clone) ``` git clone https://github.com/netresearch/security-audit-skill.git ``` ### Composer (PHP Projects) [](#composer-php-projects) ``` composer require netresearch/security-audit-skill ``` Requires [netresearch/composer-agent-skill-plugin](https://github.com/netresearch/composer-agent-skill-plugin). Usage ----- [](#usage) This skill is automatically triggered when: - Conducting security assessments - Identifying vulnerabilities (XXE, SQL injection, XSS, CSRF, command injection) - Scoring security risks with CVSS v3.1 or v4.0 - Implementing secure coding practices - Auditing PHP applications for security issues - Reviewing code for OWASP Top 10 vulnerabilities - Setting up CI/CD security pipelines Example queries: - "Audit this code for XXE vulnerabilities" - "Check for SQL injection risks" - "Score this vulnerability using CVSS v4.0" - "Review authentication implementation for security flaws" - "Implement secure XML parsing" - "What security headers should this application set?" Structure --------- [](#structure) ``` security-audit-skill/ ├── SKILL.md # Skill metadata and core patterns ├── SECURITY.md # Security policy ├── hooks/ │ └── hooks.json # PreToolUse hook configuration ├── scripts/ │ └── check_risky_command.py # Risky command detection hook ├── skills/security-audit/ │ ├── SKILL.md # Skill definition │ ├── checkpoints.yaml # 80+ automated security checkpoints │ ├── scripts/ │ │ ├── security-audit.sh # PHP project security audit │ │ └── github-security-audit.sh # GitHub repo security audit │ └── references/ │ ├── cwe-top25.md # CWE Top 25 (2025) coverage map │ ├── owasp-top10.md # OWASP Top 10 patterns │ ├── xxe-prevention.md # XXE detection and prevention │ ├── cvss-scoring.md # CVSS v3.1 & v4.0 scoring │ ├── api-key-encryption.md # API key encryption (sodium) │ ├── deserialization-prevention.md # Insecure deserialization │ ├── path-traversal-prevention.md # Path traversal prevention │ ├── file-upload-security.md # File upload security │ ├── authentication-patterns.md # Auth, session, JWT, MFA │ ├── security-headers.md # HTTP security headers │ ├── security-logging.md # Security logging & monitoring │ ├── input-validation.md # Input validation & encoding │ ├── cryptography-guide.md # Cryptographic best practices │ ├── framework-security.md # TYPO3/Symfony/Laravel security │ ├── modern-attacks.md # SSRF, mass assignment, race conditions │ ├── cve-patterns.md # CVE-derived patterns (15 vulnerability types) │ ├── php-security-features.md # PHP 8.x security features │ ├── ci-security-pipeline.md # CI/CD security tooling │ └── supply-chain-security.md # SLSA, signing, OpenSSF └── .github/ ├── dependabot.yml # Automated dependency updates └── workflows/ ├── release.yml # Release automation └── ci.yml # ShellCheck, Python lint, tests ``` Expertise Areas --------------- [](#expertise-areas) ### Vulnerability Assessment [](#vulnerability-assessment) - XXE (XML External Entity) injection detection - SQL injection pattern recognition - XSS (Cross-Site Scripting) analysis - CSRF protection verification - Command injection detection - Path traversal prevention - File upload security - Insecure deserialization - SSRF detection - Authentication/authorization flaws ### Risk Scoring [](#risk-scoring) - CVSS v3.1 scoring methodology - CVSS v4.0 scoring methodology - Risk matrix assessment - Impact and likelihood analysis - Prioritization frameworks ### Secure Coding [](#secure-coding) - Input validation patterns - Output encoding strategies - Secure configuration - Cryptographic best practices (sodium) - Session management - Authentication patterns (Argon2, JWT, MFA) - Security headers (HSTS, CSP) ### DevSecOps [](#devsecops) - SAST integration (PHPStan, Semgrep, CodeQL) - Dependency scanning (composer audit, Trivy) - Supply chain security (SLSA, Sigstore) - Container security (Hadolint, Trivy) - SBOM generation (CycloneDX) Security Audit Checklist ------------------------ [](#security-audit-checklist) ### Authentication & Authorization [](#authentication--authorization) - Password hashing uses bcrypt/Argon2 (PASSWORD\_ARGON2ID) - Session tokens are cryptographically random (random\_bytes) - Session fixation protection enabled (session\_regenerate\_id) - CSRF tokens on all state-changing operations - Authorization checks on all protected resources - Rate limiting on authentication endpoints ### Input Handling [](#input-handling) - All input validated server-side - Parameterized queries for all SQL - XML parsing with external entities disabled (LIBXML\_NONET only) - File uploads restricted by type (MIME validation) and size - Path traversal prevention on file operations - No unserialize() with user input ### Output Handling [](#output-handling) - Context-appropriate output encoding (htmlspecialchars) - Content-Type headers set correctly - X-Content-Type-Options: nosniff - Content-Security-Policy configured - X-Frame-Options or CSP frame-ancestors set - Strict-Transport-Security (HSTS) enabled ### Data Protection [](#data-protection) - Sensitive data encrypted at rest (sodium\_crypto\_secretbox) - TLS 1.2+ for data in transit - Secrets not in version control - PII handling compliant with regulations - Audit logging for sensitive operations Related Skills -------------- [](#related-skills) - **enterprise-readiness-skill**: References this skill for security assessment - **php-modernization-skill**: Type safety enhances security - **typo3-testing-skill**: Security test patterns License ------- [](#license) This project uses split licensing: - **Code** (scripts, workflows, configs): [MIT](LICENSE-MIT) - **Content** (skill definitions, documentation, references): [CC-BY-SA-4.0](LICENSE-CC-BY-SA-4.0) See the individual license files for full terms. Credits ------- [](#credits) Developed and maintained by [Netresearch DTT GmbH](https://www.netresearch.de/). --- **Made with love for Open Source by [Netresearch](https://www.netresearch.de/)** ### Health Score 40 — FairBetter than 88% of packages Maintenance89 Actively maintained with recent releases Popularity7 Limited adoption so far Community13 Small or concentrated contributor base Maturity45 Maturing project, gaining track record Bus Factor1 Top contributor holds 92.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~5 days Total 20 Last Release 47d ago Major Versions v1.3.1 → v2.1.02026-02-07 ### Community Maintainers ![](https://www.gravatar.com/avatar/acffee6a64e18f21593794b335dd8786001148f7df89fd8372a54d3dd09d91a4?d=identicon)[netresearch](/maintainers/netresearch) --- Top Contributors [![CybotTM](https://avatars.githubusercontent.com/u/326348?v=4)](https://github.com/CybotTM "CybotTM (121 commits)")[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (5 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (3 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)") --- Tags agent-skillsai-agentopen-standard ### Embed Badge ![Health badge](/badges/netresearch-agent-security-audit/health.svg) ``` [![Health](https://phpackages.com/badges/netresearch-agent-security-audit/health.svg)](https://phpackages.com/packages/netresearch-agent-security-audit) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)