Shield v0.2.0 — Security Auditor
What's New
Security Auditor — Intelligence Layer (/shield:audit)
Shield now has two complementary skills:
- /shield:shield — runs tools (Semgrep, gitleaks, npm audit, Shannon)
- /shield:audit — reasons about findings, finds what tools miss
The Security Auditor works without any tools installed — it uses pure reasoning to analyze code, IaC, and architecture for vulnerabilities that static analysis tools are blind to.
What /shield:audit does
- Attack chains — not just "SQL injection found" but "here's the exact curl command to exploit it"
- Exploitability rating — Trivial / Easy / Moderate / Hard / Theoretical
- False positive analysis — confirms or dismisses Semgrep findings with code context
- Logic vulnerabilities — IDOR, race conditions, business logic flaws, JWT attacks
- IaC security review — Dockerfile, Kubernetes, Terraform, GitHub Actions, nginx
- Architecture threat modeling — trust boundaries, attack surface mapping
- Adjusted risk score — combines Shield's tool score with manual analysis delta
Reference files (loaded on demand)
| File | Content |
|---|---|
| owasp-top10.md | OWASP Top 10 2021 with CWEs and code patterns |
| iac-checklist.md | Docker, k8s, Terraform, GitHub Actions, nginx checklists |
| crypto-guidance.md | Passwords, AES-GCM, JWT, TLS, key management |
Usage
```text
# Scan with tools, then analyze with intelligence
/shield:shield quick
/shield:audit

# Or audit any file directly (no scan needed)
/shield:audit src/auth.py
/shield:audit Dockerfile
/shield:audit terraform/main.tf
```