Skellorok Appsec Audit

skellorok-appsec-audit is a Claude Code plugin for the Ship phase that runs comprehensive, wave-based application security audits using parallel expert personas.

by skellorok · github.com/skellorok/appsec-audit

Run comprehensive, wave-based application security audits inside Claude Code before release or after major changes.

Install

Add it to Claude Code

Install the plugin in Claude Code. One command, paste-ready.

Install the plugin
/plugin install skellorok-appsec-audit@skellorok/appsec-audit
Agent API

Built to be called by your agent

Skillselion is itself an MCP server. Your agent can pull this entry and a paste-ready install config straight from the API - no copy-paste.

Retrieve this entry with skillselion.get_details("plugin:skellorok/appsec-audit") and the paste-ready config with skillselion.get_install_config("plugin:skellorok/appsec-audit").

About

What it does

skellorok-appsec-audit is a Claude Code plugin that brings structured application security auditing into your agent session. Catalog metadata describes comprehensive auditing with wave-based execution and parallel expert personas, aligned with a RAPTOR-style methodology so findings are explored in depth rather than as a single shallow pass. Solo builders shipping web apps, APIs, or agent-backed products use it when they need an appsec-focused review without immediately hiring a consultancy. Install it during security hardening or pre-launch checks, point the agent at your codebase context, and treat output as audit guidance to verify and prioritize—not as a substitute for penetration testing or compliance sign-off.

Highlights

  • Application security auditing purpose-built for Claude Code
  • Wave-based execution with parallel expert personas
  • RAPTOR-oriented comprehensive audit methodology
  • Community appsec plugin focused on auditing—not passive linting

Why builders use it

Indie builders often ship without a repeatable appsec audit process, so critical vulnerabilities surface only after users or scanners complain.

After registration, Claude Code can execute structured security auditing waves so you get prioritized appsec findings to fix before launch.

At a glance

  • Type - Plugin in Security.
  • Adoption - 0 installs, 2 stars, 0 votes.

FAQ

Who is skellorok-appsec-audit for?

It is for developers using Claude Code who need application security auditing with a comprehensive, wave-based expert methodology before or after shipping changes.

When should I use skellorok-appsec-audit?

Use it during pre-launch security passes, after large auth or data-handling changes, or when you want parallel persona-driven appsec review in the agent.

How do I add skellorok-appsec-audit to my agent?

Add the skellorok/appsec-audit plugin through Claude Code plugin registration, then invoke it with clear repo scope and threat assumptions so audit waves stay focused.
