Security · 2026-04-23

Skill-Security-Auditor: The ARCHITECT Tool That Catches What Your CI Misses

A deep-dive into the skill-security-auditor Claude Code blueprint — an automated security review workflow that integrates directly into your development pipeline and catches supply-chain attacks before they ship.
**TL;DR:** `skill-security-auditor` is an ARCHITECT-tier Claude Code blueprint that runs automated security reviews on code changes — catching secrets, SAST vulnerabilities, and supply-chain anomalies before they reach production. Ships in under 5 minutes.

The 10-Second Pitch

  • Runs **SAST scans** (Semgrep, Bandit), **secret detection** (Gitleaks), and **dependency auditing** (npm audit, pip-audit) on every PR
  • Generates a structured **JSON security report** with CVE matches, severity scores, and remediation prompts
  • Tier-rated: ARCHITECT — meaning it orchestrates multiple security tools, not just one
  • Designed for **shift-left security** teams that want automated review without manual intervention

Setup Directions

Step 1 — Install the Blueprint

```bash
mrt install "skill-security-auditor"
```

Step 2 — Connect Your CI Environment

In your project root, create `.security-auditor.json`:

```json
{
  "tools": ["gitleaks", "semgrep", "trivy"],
  "fail_on": ["critical", "high"],
  "report_format": "json",
  "notify_slack": true
}
```

Step 3 — Run Your First Audit

```bash
claude -- blueprint security-auditor --target ./src --mode ci
```

Step 4 — Review the Report

Output lands in `.security-report.json`:

```json
{
  "scanned_files": 142,
  "critical_findings": 0,
  "high_findings": 2,
  "secrets_detected": ["AWS_SECRET_KEY"],
  "cve_matches": ["CVE-2024-1234"],
  "remediation": "Upgrade lodash@>=4.17.21"
}
```
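The `fail_on` list from Step 2 and the counts in the Step 4 report together define the merge gate, but the page does not show the gate logic itself. The script below is an added illustration, not code from the blueprint or from mr.technology: it reads the config and the report, blocks when any severity listed in `fail_on` has a non-zero count, and treats a detected secret as a hard stop regardless of severity. The field names (`critical_findings`, `high_findings`, `secrets_detected`, `cve_matches`) are taken from the sample report shown above and are assumed to be the blueprint's schema; the sample dicts are constructed to mirror the page.

```python
"""Policy gate over a skill-security-auditor style report (added example).

Assumption: the report uses the keys shown in the page's sample output
(`<severity>_findings`, `secrets_detected`, `cve_matches`, `remediation`).
"""
import json
import sys

# Constructed samples that mirror the config and report on the page.
SAMPLE_CONFIG = {
    "tools": ["gitleaks", "semgrep", "trivy"],
    "fail_on": ["critical", "high"],
    "report_format": "json",
    "notify_slack": True,
}

SAMPLE_REPORT = {
    "scanned_files": 142,
    "critical_findings": 0,
    "high_findings": 2,
    "secrets_detected": ["AWS_SECRET_KEY"],
    "cve_matches": ["CVE-2024-1234"],
    "remediation": "Upgrade lodash@>=4.17.21",
}

# Severity buckets the gate understands, most severe first.
SEVERITIES = ("critical", "high", "medium", "low")


def evaluate_gate(config: dict, report: dict, block_on_secrets: bool = True) -> dict:
    """Return {'blocked': bool, 'reasons': [...], 'cves': [...], 'remediation': ...}.

    A PR is blocked when any severity named in config['fail_on'] has a
    non-zero `<severity>_findings` count, or (by default) when the report
    lists any detected secret. Unknown severity names in fail_on are a
    configuration error, not something to silently ignore.
    """
    fail_on = {str(s).lower() for s in config.get("fail_on", [])}
    unknown = fail_on - set(SEVERITIES)
    if unknown:
        raise ValueError(f"unknown severities in fail_on: {sorted(unknown)}")

    reasons = []
    for sev in SEVERITIES:
        if sev not in fail_on:
            continue
        count = int(report.get(f"{sev}_findings", 0))
        if count > 0:
            reasons.append(f"{count} {sev} finding(s)")

    # A leaked credential is blocked even if fail_on is narrow: rotating it
    # later does not undo the exposure, so it never rides through on a merge.
    secrets = list(report.get("secrets_detected", []))
    if block_on_secrets and secrets:
        reasons.append("secrets detected: " + ", ".join(secrets))

    return {
        "blocked": bool(reasons),
        "reasons": reasons,
        "cves": list(report.get("cve_matches", [])),
        "remediation": report.get("remediation"),
    }


def evaluate_files(config_path: str, report_path: str) -> dict:
    """Load .security-auditor.json and .security-report.json and evaluate them."""
    with open(config_path, encoding="utf-8") as fh:
        config = json.load(fh)
    with open(report_path, encoding="utf-8") as fh:
        report = json.load(fh)
    return evaluate_gate(config, report)


def main(argv: list) -> int:
    """CI entry point: exit 1 when the gate blocks, 0 otherwise."""
    if len(argv) == 3:
        result = evaluate_files(argv[1], argv[2])
    else:
        result = evaluate_gate(SAMPLE_CONFIG, SAMPLE_REPORT)
    status = "BLOCKED" if result["blocked"] else "PASS"
    print(f"security gate: {status}")
    for reason in result["reasons"]:
        print(f"  - {reason}")
    if result["cves"]:
        print("  CVEs: " + ", ".join(result["cves"]))
    if result["remediation"]:
        print("  remediation: " + result["remediation"])
    return 1 if result["blocked"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python gate.py .security-auditor.json .security-report.json` after Step 3; with the page's sample values it exits non-zero because of the two high findings and the detected AWS key. Keeping secrets outside the `fail_on` buckets is a deliberate choice: a team can relax severity thresholds on a noisy legacy repo without also letting credentials through.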

The Exact Prompt for an Ad-Hoc Review

```text
Run a full security audit on the ./src directory. Use gitleaks for
secrets detection, semgrep for SAST, and trivy for dependency scanning.
Output results as structured JSON. Fail if any CRITICAL findings are found.
```

Pros & Cons

| Pros | Cons |
| --- | --- |
| Multi-tool orchestration (not just one scanner) | Requires `claude` CLI in PATH |
| Structured JSON output for automation | Some tools (Trivy) need Docker |
| ARCHITECT tier — serious workflow design | Semgrep rules must be kept up to date |
| Zero false positives on secret detection (Gitleaks) | May be noisy on large legacy codebases |
| Integrates with GitHub/GitLab PR comment workflows | Not a real-time file monitor — needs triggering |

Verdict

`skill-security-auditor` fills the gap between "security scan available" and "security scan actually runs on every PR." The ARCHITECT designation means it doesn't just call one tool — it orchestrates a pipeline of them and produces a unified report. If you're shipping code without this in your CI, you're accepting risk you don't need to.

**Best for:** DevSecOps teams, open-source maintainers, and any organization handling sensitive data in their codebase.

**Alternative:** For lightweight single-tool scanning, try `gitleaks` directly. For full SIEM integration, look at the Enterprise tier `security-auditing` blueprint instead.

*Blueprint available at [mr.technology/blueprints](/blueprints). ARCHITECT-tier skills require Pro access.*
