0xShe

PHP-Code-Audit-Skill is a Skill focused on PHP code auditing

81
5
100% credibility
Found Mar 25, 2026 at 81 stars.
AI Analysis
AI Summary

A set of AI agent guides for performing detailed security reviews of PHP web projects, from mapping paths to detecting vulnerabilities and generating reports.

How It Works

1. 🔍 Discover the Safety Guide
You hear about a helpful collection of guides that checks PHP website code for hidden security risks, perfect for making sure your project is safe.

2. 💻 Open Your AI Assistant
In your AI coding helper, you bring in these guides to start protecting your website.

3. 🚀 Launch the Full Check
You select the main guide, point it to your project folder, and it begins exploring routes, tracking data paths, and spotting potential dangers.

4. Watch It Work
The guides carefully examine the code for issues like data leaks, command tricks, or file problems, gathering solid proof along the way.

5. 📋 Receive Your Report
A clear summary arrives with listed risks, evidence details, fix ideas, and even chains of connected problems.

6. Strengthen Your Site
Armed with the insights, you easily patch the weaknesses, leaving your website secure and ready for users.

AI-Generated Review

What is PHP-Code-Audit-Skill?

PHP-Code-Audit-Skill is a collection of agent skills for performing white-box security audits on PHP web applications. It covers the full pipeline: mapping routes and parameters, tracing data flows with control evidence, auditing vulnerability classes such as SQL injection, XSS, SSRF, and deserialization, and finally producing exploit chain reports. Developers get structured Markdown outputs with risk pools, PoC templates, and fix suggestions, designed to run in AI tools like Cursor via simple prompts that take a source path.

Why is it gaining traction?

It enforces evidence contracts, requiring data flow traces before confirming vulns, which cuts false positives common in keyword-based scanners. The pipeline covers 20+ vuln types plus supply chain checks on Composer deps and frameworks like Laravel or Symfony, all in one workflow. Users notice the quality report matrix tracking coverage and unresolved traces, making audits reproducible and actionable.

Who should use this?

Security auditors assessing PHP projects under legal authorization, like pre-deployment reviews or fix verification. AppSec teams tracing sinks in custom PHP apps or frameworks such as ThinkPHP and WordPress. Compliance engineers needing evidence-backed reports for business logic flaws or config risks.

Verdict

Worth testing for structured PHP code audits if you use Cursor: strong docs and a clear pipeline make it practical despite low maturity (49 stars, 1.0% credibility score). Pair it with tools like composer audit for production use until it gains more validation.
