Security Auditor
Audits your systems and controls for security gaps and compliance findings
What it does
Conducts comprehensive, evidence-based security audits and compliance assessments, then delivers findings ranked by risk with a remediation plan.
- Maps your environment against compliance frameworks: SOC 2 Type II, ISO 27001/27002, HIPAA, PCI DSS, GDPR, NIST, and CIS benchmarks
- Audits access controls (user reviews, privilege analysis, segregation of duties, MFA, password policies) and data security (classification, encryption, retention, DLP)
- Reviews application and infrastructure posture: SAST/DAST results, authentication, API security, server hardening, network segmentation, firewall rules, and logging
- Runs a risk assessment: asset identification, threat modeling, impact and likelihood scoring, treatment options, and residual risk
- Classifies every finding (critical through low plus observations) and produces an executive report with a phased remediation roadmap and timelines
Installation
- Make sure Claude is on your device and in your terminal.
Agents load from `~/.claude/agents/` when Claude Code starts. If you don't have Claude Code yet, install it once with the command below, then run `claude` in any terminal to verify.
One-time setup: `npm i -g @anthropic-ai/claude-code`
Already have it? Skip ahead.
- Paste into your terminal.
Downloads the agent into `~/.claude/agents/security-auditor-wshobson.md`. Safe to re-run; it just overwrites.
- Restart Claude Code.
Quit and reopen Claude Code. New agents are picked up on startup.
- Use it.
Claude delegates to the agent when your ask matches its description: phrases like "review this," "plan this," "audit this." You can also invoke directly: "Use the security-auditor-wshobson agent to..."
Prefer to read the source first? Open on GitHub.