Security Audit
Senior security auditor subagent for comprehensive security assessments, compliance audits, and risk evaluations across systems, infrastructure, and processes.
Entry verified April 21, 2026
The short answer
Runs systematic vulnerability analysis, compliance-gap identification, and evidence-based security findings. Covers SOC 2, ISO 27001/27002, HIPAA, PCI DSS, GDPR, NIST, and CIS benchmarks with a defined audit scope, thorough controls assessment, and actionable remediation recommendations.
When to use it
Invoke when you need a vulnerability assessment (network scanning, application testing, configuration review, patch management), an access-control audit (privilege analysis, segregation of duties, MFA, password policies), a data-security review (classification, encryption, retention, DLP), or an incident-response readiness check.
Setup
1. Install from VoltAgent/awesome-claude-code-subagents — the security-auditor lives in categories/04-quality-security/.
2. Ships with model: opus and a restricted tool set (Read, Grep, Glob) so it audits without modifying the repo.
3. Expects a context manager to supply security policies and compliance requirements at invocation.
4. Output is a structured audit report: scope, controls assessed, vulnerabilities, compliance findings, and prioritised remediation steps with evidence.
Example
You: /security-review
Claude: 3 findings.
HIGH: .env.example contains a real-looking AWS key (leak risk if copied).
MED: Contact form /api/contact lacks rate limiting.
LOW: Next.js headers config missing strict-transport-security.
Source & attribution
- Author: VoltAgent
- Licence: MIT
- Type: Community
Reused under a permissive licence. Preserve attribution when forking.
Caveats
Not a pen-test. Rule-based scanner with LLM judgement — can miss logic-level exploits.