auditing-security
Security Audit
Use this skill when the user asks to audit security, check for vulnerabilities, review code for security issues, or harden an application.
Steps
1. Scan for hardcoded secrets — search for API keys, tokens, passwords, and connection strings in source files. Check for patterns like:
   - `password=`, `secret=`, `token=`, `api_key=`
   - Base64-encoded credentials
   - AWS keys (`AKIA...`), Stripe keys (`sk_live_...`), GitHub tokens (`ghp_...`)
   - Files: `.env` committed to git, `config.json` with credentials
2. Check authentication & authorization
   - Verify all API routes check authentication before processing.
   - Ensure role-based access control is enforced server-side, not just in the UI.
   - Check that password hashing uses bcrypt/argon2 (not MD5/SHA1).
   - Verify session tokens are HTTP-only, secure, and have reasonable expiry.
3. Check for injection vulnerabilities
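The secret-scanning step above, as an added Python example that is not part of the original skill: it applies the keyword-assignment, vendor-prefix and base64-entropy checks to constructed sample lines and redacts every hit before reporting. The exact token lengths for AWS, Stripe and GitHub keys and the 4.5-bit entropy threshold are assumptions, not values stated in the skill.

```python
import math
import re

# Indicators from the secrets step. Key lengths (AKIA + 16 chars, sk_live_ + 24,
# ghp_ + 36) are assumptions about the vendors' current formats, not from the skill.
SECRET_PATTERNS = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("stripe-live-key", re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b")),
    ("github-token", re.compile(r"\bghp_[0-9A-Za-z]{36}\b")),
    # No leading \b so DB_PASSWORD= and client_secret: are caught as well.
    ("credential-assignment",
     re.compile(r"(?i)(password|secret|token|api_key)\s*[=:]\s*[\"']?([^\"'\s]+)")),
]
# A value that references an env var or template slot is not a literal secret.
PLACEHOLDER = re.compile(r"^(\$\{.*\}|<.*>|os\.environ.*|process\.env.*|changeme)$", re.I)
# Base64-alphabet runs of 20+ chars are candidates; entropy decides whether to report.
BASE64_RUN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{20,}={0,2}(?![A-Za-z0-9+/=])")

def shannon_entropy(s):  # bits per character; random key material scores far above identifiers
    return -sum(p * math.log2(p) for p in (s.count(c) / len(s) for c in set(s)))

def redact(value):  # keep a 4-char prefix for triage so the report itself does not leak the secret
    return value[:4] + "*" * max(len(value) - 4, 0)

def scan_lines(lines):
    """Return (line_number, finding_label, redacted_value) for each suspected secret."""
    findings = []
    for no, line in enumerate(lines, start=1):
        covered = []  # spans already explained by a known-format match
        for label, pat in SECRET_PATTERNS:
            for m in pat.finditer(line):
                value = m.group(m.lastindex or 0)
                if label == "credential-assignment" and PLACEHOLDER.match(value):
                    continue
                covered.append(m.span())
                findings.append((no, label, redact(value)))
        for m in BASE64_RUN.finditer(line):
            if any(s <= m.start() < e for s, e in covered):
                continue  # tail of a key already reported above
            if shannon_entropy(m.group(0)) > 4.5:  # assumed threshold for base64 runs
                findings.append((no, "high-entropy-base64", redact(m.group(0))))
    return findings

SAMPLE = [  # constructed source lines, not real credentials
    'DB_PASSWORD = "hunter2"', 'API_KEY=${API_KEY}',
    'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',
    'STRIPE_SECRET_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dc',
    'headers = {"Authorization": "Bearer ghp_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8"}',
    'SESSION_SEED = "QWERTYUIOPasdfghjkl1234567890zxc"',
    'from app import AuthenticationServiceProvider',  # long identifier, low entropy
]
```

Feed `scan_lines` the lines of each file under review; the placeholder line and the long class name produce no findings, while the other five lines each produce exactly one.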