security-sweep
Audit a SaaS app for the security classes that actually sink companies — payment/billing bypass, webhook integrity (signature + replay), auth gaps (authn/authz, session/JWT/cookie), row-level-security and multi-tenant data isolation, secrets exposure, and IDOR/broken access control — verifying each finding is real before reporting, ranking by blast radius, and shipping a concrete fix per finding. Use when "security audit", "billing security", "is this safe to ship", webhook/auth/RLS review, pre-launch hardening, or when bug-zero / ship-it / project-autopilot route the security class here.
Preview
Point it at a SaaS app and it finds the holes that cost money or leak tenants — not a generic lint pass. It concentrates fire on the handful of classes with real blast radius (someone pays $0, someone reads another tenant's data, a key…
The complete security-sweep skill — every rule, prompt, and supporting file — installs with the pack. One purchase unlocks all 23 skills in every Claude Code project.
One-time purchase. Instant download as a Claude Code skill pack. Lifetime updates.