AAWEA.ORG

Security Audit Weekly

Weekly npm audit scan, triage vulnerabilities by severity, and propose or apply safe patches.

👁 1,090 views 📥 1,818 installs 👤 by loops!

Manual start

↓

1

Run npm audit

Run npm audit and capture critical, high, and moderate findings.

> npm audit --json
2

Triage findings

Group vulnerabilities by severity and exploitability. Flag dev-only vs production exposure.
3

Propose fixes

Recommend npm audit fix, targeted overrides, or dependency bumps. Note breaking changes.

↓

✓

Exit condition: manual

Weekly security audit summary delivered with remediation plan

📊 Flow Diagram

flowchart TD Start(["Interval start"]) Start --> S0 S0("Run npm audit") S1("Triage findings") S0 --> S1 S2("Propose fixes") S1 --> S2 Exit{"Weekly security audit summary delivered with remediation plan"} S2 --> Exit Exit -- "No" --> S0 Exit -- "Yes" --> Done(["Success"]) style Exit fill:#fffbeb,stroke:#f59e0b,stroke-width:2px,color:#92400e style Done fill:#ecfdf5,stroke:#10b981,stroke-width:2px,color:#065f46

Run "Security Audit Weekly" in your agent

Prompt only

Deeplinks and "Open in Cursor" only paste the kickoff prompt. They do not install hook files — your agent cannot tell whether files are on disk until you add them yourself.

Two separate pieces

Kickoff prompt — tells the agent the goal, check command, exit condition, and how to self-pace.

Kickoff prompt

/loop 7d Start the "Security Audit Weekly" loop.

Goal: deliver a weekly npm audit summary with a remediation plan.
Between iterations run: npm audit --json
Exit when: summary is posted with prioritized fixes.

Step 1: Run npm audit, triage by severity, and propose safe remediation steps.

Anti-gaming rules

Rules the agent must follow so it cannot cheat the exit condition.

Do not modify the check command or exit criteria to force success
Do not skip, disable, or bypass checks to pass the exit condition
If stuck after several iterations, stop and report blockers instead of gaming metrics