A free Claude skill that audits your own website or codebase for the issues that actually get sites breached — then hands you a plain-English report with exact fixes. No security expertise needed.
2-minute install · runs 100% local · works in Claude Code
Most breaches don't come from elite hackers — they come from boring, fixable mistakes. This skill checks for all of them.
No SSL, expired certs, no HTTP→HTTPS redirect, outdated TLS, and missing HSTS.
Missing CSP, X-Frame-Options, nosniff and more — the easy wins that block XSS and clickjacking.
Publicly reachable .env, .git, backups, and config files leaking your secrets.
API keys, tokens and passwords sitting in your code — and in your git history.
Known CVEs in your npm / pip / composer packages, mapped to severity.
SQL injection, XSS, weak cookies, wide-open CORS, and debug mode left on in production.
Unprotected admin panels, default credentials, and publicly exposed cloud storage.
No signup, no email. Click below, unzip, and run your first audit in two minutes.
Free forever · runs 100% local · works in Claude Code
Put the skill into your Claude skills directory:
mv website-security-audit ~/.claude/skills/
Open Claude Code and just say:
Audit my website https://mysite.com
The security audit is one skill. The kits give you dozens — everything you need to ship faster and market smarter with Claude.
Battle-tested Claude skills & workflows for builders.
Turn Claude into your growth team.