Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude
ClaudSkills / Security / security-misc

Gh Repo Security Audit

Category: Security  ·  Sub-category: security-misc  ·  Last updated:
tool:githubtype:audittype:scanner
OpenSSF-aligned security posture audit across all repos in a GitHub account: default workflow token permissions, allowed-actions policy, branch protection, secret scanning + push protection, and Dependabot alerts. Reports WARN (fixable gaps) vs INFO (opinionated hardening). Read-only by default; the only optional mutation is enabling Dependabot alerts. Use when you ask: "repo security audit", "OpenSSF audit", "are Dependabot alerts on?", "GitHub hardening check", "repo セキュリティ監査", "Actions セキュリティ横断". DO NOT USE FOR: writing code, changing branch protection automatically, or the PR-approval toggle (use gh-pr-perm-audit for that).

About this skill (catalog notes)

Gh Repo Security Audit includes a dedicated installation section; pricing or quota commentary; at least one code block. The SKILL.md is on the shorter side at about 529 words.

License
MIT
Original author
thinkyou0714
Indexed lastmod
Catalog position
Security · security-misc
Indexed related skills
10

How Gh Repo Security Audit fits the catalog

Gh Repo Security Audit sits in the Security category under the security-misc sub-topic in the ClaudSkills catalog. There are 10 related skills indexed alongside it; comparing a few before installing usually reveals which fits your workflow best.

These notes are auto-generated from features detected in the SKILL.md file and from this catalog's structure — they aren't part of the source repository.

From the source SKILL.md

Audit every repo in an account against OpenSSF Scorecard-style checks and report a clear posture. Read-only by default. The single optional mutation is enabling Dependabot alerts (a pure security gain). Everything else is reported as a human-gated recommendation. See references/openssf-checks.md for per-check rationale + sources.

What this skill does

Gh Repo Security Audit is a community-contributed Claude Code skill in the security-misc sub-category. It ships as a SKILL.md file that Claude Code auto-discovers under ~/.claude/skills/gh-repo-security-audit/ and loads when your prompt matches the skill's trigger.

When to invoke it: Use when you ask: "repo security audit", "OpenSSF audit", "are Dependabot alerts on?", "GitHub hardening check", "repo セキュリティ監査", "Actions セキュリティ横断". DO NOT USE FOR: writing code, changing branch protection automatically, or the PR-approval toggle (use gh-pr-perm-audit for that).

Who uses this skill

The Gh Repo Security Audit Claude Code skill is built for security engineers, penetration testers, DevSecOps practitioners, and development teams hardening codebases and infrastructure. It's part of ClaudSkills (also referred to as Claude Skills or Claude Code Skills) — the open community-curated registry of 92,000+ SKILL.md files for Anthropic's Claude Code agent and the wider Claude ecosystem (Claude API, Claude Agent SDK).

How to install

Free

Manual install (2 steps)

mkdir -p ~/.claude/skills/gh-repo-security-audit
curl -L https://claudskills.com/skills/gh-repo-security-audit/SKILL.md \
  -o ~/.claude/skills/gh-repo-security-audit/SKILL.md

Or just download SKILL.md directly and drop it into ~/.claude/skills/gh-repo-security-audit/. Claude Code auto-discovers it on next session.

Skills live at ~/.claude/skills/gh-repo-security-audit/SKILL.md on macOS/Linux, or %USERPROFILE%\.claude\skills\gh-repo-security-audit\SKILL.md on Windows. See the full install guide for step-by-step instructions.

Pro

One-click install via the desktop app

The ClaudSkills desktop app installs any skill directly into ~/.claude/skills/ with one click — no terminal required. Pro starts at $9/mo or $149 lifetime.

Pro

For the full experience including quality scoring and one-click install features for each skill — upgrade to Pro.

See pricing → Download desktop app

Frequently asked questions

How do I install the Gh Repo Security Audit Claude Code skill?
Install via the ClaudSkills desktop app (one click) or copy SKILL.md from the source repository to ~/.claude/skills/gh-repo-security-audit/SKILL.md and restart Claude Code. Both flows are detailed at claudskills.com/install/.
What does the Gh Repo Security Audit skill do?
OpenSSF-aligned security posture audit across all repos in a GitHub account: default workflow token permissions, allowed-actions policy, branch protection, secret scanning + push protection, and Dependabot alerts. Reports WARN (fixable gaps) vs INFO (opinionated hardening). Read-only by default; the only optional mutation is enabling Dependabot alerts. Use when you ask: "repo security audit", "OpenSSF audit", "are Dependabot alerts on?", "GitHub hardening check", "repo セキュリティ監査", "Actions セキュリティ横断". DO NOT USE FOR: writing code, changing branch protection automatically, or the PR-approval toggle (use gh-pr-perm-audit for that).
Is this skill free to install?
Yes. ClaudSkills is an open registry — every skill keeps its source repository's license, and manual install via copy is free. ClaudSkills Pro ($9/mo, $79/yr, or $149 one-time) adds one-click install via the desktop app and a multi-signal Quality Score.
When should I use the Gh Repo Security Audit skill?
Use Gh Repo Security Audit when your Claude Code task falls under the Security category — specifically in the security misc area. Claude Code auto-discovers installed skills and invokes the right one based on the task description, so you can also ask Claude directly (e.g. "use Gh Repo Security Audit" or describe the task and let Claude pick). Browse related skills at /category/security/.
What is a Claude Code skill and how does the Gh Repo Security Audit skill fit in?
A Claude Code skill is a SKILL.md file that lives under ~/.claude/skills/<name>/ and tells the Claude Code CLI agent how to perform a specific task (instructions, prompts, allowed tools). Skills are auto-discovered at session start. Gh Repo Security Audit is one of 67,000+ skills indexed in the open ClaudSkills catalog, classified under the Security category. Learn more at /learn/what-is-a-claude-skill/.

Attribution & license

Cite this skill

If you reference this skill in a blog post, paper, or documentation, you can cite it as:

APA
thinkyou0714. (2026). Gh Repo Security Audit [Claude Code skill]. ClaudSkills. https://claudskills.com/skills/gh-repo-security-audit/
BibTeX
@misc{gh-repo-security-audit-2026,
  author    = {thinkyou0714},
  title     = {Gh Repo Security Audit [Claude Code skill]},
  year      = {2026},
  publisher = {ClaudSkills},
  url       = {https://claudskills.com/skills/gh-repo-security-audit/}
}

Embed this skill

Promote, attribute, or link this skill from your own README, blog post, or documentation. All three snippets are free to use — no sign-up, no API key. More distribution surfaces →

Badge
[![ClaudSkills](https://claudskills.com/badge/gh-repo-security-audit.svg)](https://claudskills.com/skills/gh-repo-security-audit/?utm_source=badge&utm_medium=readme&utm_campaign=skill_badge)
<script>
<script src="https://claudskills.com/embed/gh-repo-security-audit.js" async></script>
<iframe>
<iframe src="https://claudskills.com/embed/gh-repo-security-audit.html" width="100%" height="160" frameborder="0" loading="lazy" title="ClaudSkills: Gh Repo Security Audit"></iframe>

Free. No spam. Unsubscribe in one click.

More Security skills

Browse all Security skills in the ClaudSkills registry, or explore these other picks from the same category:

Browse all Security skills → Top 100 skills
Part of ClaudSkills — the open registry for Claude Skills & Claude Code Skills.  ·  What's New  ·  Install guide  ·  About  ·  llms.txt

Part of Acreator Store — Adam Lankamer's AI tools: PerfectStudio · Ucaption · UTagger · AutoXPoster · TestYourSkills · AutomationFlows · Au Naturel

Categories

Use cases

Popular tags

Learn

Site