[ AI Augmentation Protocol ]
Target: Local Development
Status: Operational
System Ready

Execute Security.

Your AI just became a senior security engineer. One command. 29 battle-tested security checks built into every coding assistant you already use.

[ Installation Vector ]
โฏnpx @netxeo/security-skill
[ Technical Specs ]
Security Modules
0
CWE Covered
0
OWASP Lists
0×
ASVS Level
0
[ Execution Log ]

What happens after /security-audit
USER > /security-audit
๐Ÿ” Detecting stack... Next.js ยท Supabase ยท Vercel ยท Node 20
๐Ÿ“‹ Running 25 security checks across 29 modules...
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘  ๐Ÿ”  SECURITY AUDIT โ€” myproject          โ•‘
โ•‘      Stack: Next.js ยท Supabase ยท Vercel  โ•‘
โ• โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•ฃ
โ•‘  SCORE  :  61 / 100  [ WARNING ]         โ•‘
โ• โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•ฃ
โ•‘  [!] Secrets & Files        12/20  โ† FIX โ•‘
โ•‘  [+] Auth & Sessions        18/20        โ•‘
โ•‘  [!] Database (RLS)          8/20  โ† FIX โ•‘
โ•‘  [-] HTTP Headers           13/20        โ•‘
โ•‘  [+] Source Code            18/20        โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
CRITICAL โ€” Supabase service role key exposed in frontend
Any visitor gets full DB access ยท Execute: /security-fix supabase-key
HIGH โ€” RLS disabled on 3 tables (users, orders, messages)
Authenticated users can read all rows ยท Execute: /security-fix rls
[ Implementation Protocol ]
[01]

One command. Zero config.

npx @netxeo/security-skill
Installs 29 security modules and auto-configures every AI assistant on your machine. Done in under 10 seconds.
[02]

Your AI becomes the expert.

/security-scan
Auto-detects your stack — Next.js, Firebase, Docker — and runs targeted checks. No guessing, no false positives.
[03]

Review & fix. Your call.

/security-fix
See the exact diff before anything changes. Every fix is explained. Non-breaking. Approved by you.
[ Feature Matrix ]
[01]

Scans in 30 seconds

No build step. No cloud. Pure AI pattern recognition on your actual codebase.

[02]

You approve every fix

The AI proposes a diff. You decide. Nothing changes without your explicit approval.

[03]

Security score /100

Tracked in memory-security.md. You'll watch your score climb with every fix.

[04]

Any stack, anywhere

Next.js, Express, Django, Laravel, Spring Boot. Auto-detected from your project.

[05]

Context-rich findings

Each vulnerability includes the attack vector, real-world impact, and a tailored fix.

[06]

Persistent memory

Accepted risks, rotation schedules — your AI remembers across every session.

[ Engine Compatibility ]
Claude: CLAUDE.md
GitHub Copilot: copilot-instructions.md
Cursor: .cursorrules
Windsurf: .windsurfrules
Cline: .clinerules
OpenAI Codex: AGENTS.md
Continue.dev: .continue/config.yaml
Aider: .aider.conf.yml
Gemini: GEMINI.md