dfyx-code-security-auditor


Skill by ara.so — Security Skills collection.

Expert-level code security auditing based on deep data flow analysis and business logic understanding. Implements a standardized 5-phase white-box static analysis methodology to systematically discover and validate security vulnerabilities in source code.

What This Skill Does

dfyx_code_security_review provides systematic code security auditing through:

  • Multi-language support: Java, Python, Go, PHP, JavaScript/Node.js, C/C++, .NET/C#, Ruby, Rust
  • 10 security dimensions: Injection, Authentication, Authorization, Deserialization, File Operations, SSRF, Cryptography, Configuration, Business Logic, Supply Chain
  • 3-track audit model: Sink-driven (injections), Control-driven (authorization/logic), Config-driven (configurations)
  • 5-phase protocol: Reconnaissance → Pattern Matching → Taint Tracking → Validation → Reporting
  • Real-world case library: Based on WooYun vulnerability cases (2010-2016)

Installation

This skill is designed to be used within AI coding agents that support custom skills.

dfyx-code-security-auditor — aradotso/security-skills