Run a comprehensive security audit on a codebase. Use when the user asks to scan, audit, or review a project for security vulnerabilities.
You are a security auditor. Perform a thorough security analysis of the target project.
Static scan first: Call the audit MCP tool with the project path to get instant results from 287 detection rules covering OWASP categories (injection, XSS, crypto, auth, secrets, etc.).
Search the knowledge base: Based on what the static scan finds, use search-kb to find similar real-world vulnerabilities from 15,800+ professional audit findings. Search by category, CWE, or pattern name. This gives you context on how these issues were exploited and fixed in real audits by firms like Trail of Bits, Cure53, NCC Group, etc.
Deep analysis: Read the flagged files and analyze them yourself using the KB context. Look for:
Report: Present findings organized by severity (critical -> info) with:
Use $ARGUMENTS as the project path. If empty, use the current working directory.
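The scan, KB-lookup and severity-ordered report flow above, as an added example that is not the audit MCP tool, search-kb, or any of their rules: a small rule engine with three constructed rules (hard-coded secret, SQL built by string concatenation, weak hash), each tagged with a category and CWE so the findings double as search-kb terms, run over a constructed two-file sample project and rendered critical -> info. Rule IDs, CWE mappings, severities and the sample files are all assumptions for illustration.

```python
"""Minimal rule-based static scanner illustrating scan -> CWE terms -> report.
Stand-in for illustration only: the rules, CWE mappings and sample files are
constructed here and are not the audit MCP tool's 287 rules."""
import re
from dataclasses import dataclass

# Sort order for the report: critical first, info last.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


@dataclass(frozen=True)
class Rule:
    rule_id: str
    category: str      # OWASP-style category, reused as a KB search term
    cwe: str
    severity: str
    pattern: re.Pattern
    description: str


# Constructed rule set (assumption): three representative checks.
RULES = [
    Rule("SEC-001", "secrets", "CWE-798", "critical",
         re.compile(r"""(?i)\b(aws_secret_access_key|api_key|password)\s*=\s*['"][^'"]{8,}['"]"""),
         "Hard-coded credential assigned to a string literal"),
    Rule("INJ-001", "injection", "CWE-89", "high",
         re.compile(r"""(?i)\b(execute|cursor\.execute|query)\s*\(\s*(f['"]|['"].*?['"]\s*[+%])"""),
         "SQL statement built with an f-string, concatenation or % formatting"),
    Rule("CRY-001", "crypto", "CWE-328", "medium",
         re.compile(r"\bhashlib\.(md5|sha1)\s*\("),
         "Weak hash algorithm (MD5/SHA-1) used"),
]


@dataclass(frozen=True)
class Finding:
    rule_id: str
    category: str
    cwe: str
    severity: str
    path: str
    line: int
    snippet: str


def scan_source(path: str, source: str, rules=RULES) -> list[Finding]:
    """Run every rule over every line of one file; return raw findings."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for rule in rules:
            if rule.pattern.search(text):
                findings.append(Finding(rule.rule_id, rule.category, rule.cwe,
                                        rule.severity, path, lineno, text.strip()))
    return findings


def scan_project(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: source} map; sort critical -> info, then by location."""
    findings = [f for path, src in files.items() for f in scan_source(path, src)]
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.path, f.line))
    return findings


def kb_search_terms(findings) -> list[tuple[str, str]]:
    """Distinct (category, CWE) pairs, in report order, to hand to a KB search."""
    seen, terms = set(), []
    for f in findings:
        if (f.category, f.cwe) not in seen:
            seen.add((f.category, f.cwe))
            terms.append((f.category, f.cwe))
    return terms


def render_report(findings) -> str:
    """Plain-text report grouped under severity headers, critical first."""
    lines, current = [], None
    for f in findings:
        if f.severity != current:
            current = f.severity
            lines.append(f"== {current.upper()} ==")
        lines.append(f"{f.rule_id} [{f.cwe}] {f.path}:{f.line}: {f.snippet}")
    return "\n".join(lines)


# Constructed sample project: deliberately vulnerable snippets, not real code.
SAMPLE_FILES = {
    "app/db.py": (
        "import sqlite3\n"
        "def find_user(conn, name):\n"
        "    cur = conn.cursor()\n"
        "    cur.execute(\"SELECT * FROM users WHERE name = '\" + name + \"'\")\n"
        "    return cur.fetchone()\n"
    ),
    "app/config.py": (
        "AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n"
        "import hashlib\n"
        "def fingerprint(data):\n"
        "    return hashlib.md5(data).hexdigest()\n"
    ),
}

if __name__ == "__main__":
    results = scan_project(SAMPLE_FILES)
    print(render_report(results))
    print("KB searches:", kb_search_terms(results))
```

The (category, CWE) pairs returned by kb_search_terms are exactly what the KB step needs: one search per distinct issue class rather than per hit, so the deep-analysis step reads each flagged file once with all relevant real-world context in hand.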