Skill

security-review

Reviews code, skills, and prompts for security vulnerabilities covering OWASP Top 10, prompt injection, business logic flaws. Use for PRs, audits, or pre-release reviews.

security

ai-ml

Popularity

Stars

1,407

Forks

219

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/ai-devkit:security-review

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Find vulnerabilities before they ship.

Supporting Files

agents/openai.yamlreferences/checklist.md

SKILL.md

85 lines · ~1.2k tokens

Stats

LanguageTypeScript

Stars1,407

Forks219

MaintenanceExcellent

Last CommitJun 18, 2026

Actions

View Source View Plugin View on GitHub View README

Security Review

Find vulnerabilities before they ship.

Hard Rules

Do not dismiss a finding without evidence it is unexploitable.
Do not commit, log, or surface secrets discovered during review — flag and recommend rotation.
Do not modify code until the user approves a remediation plan.

Workflow

Scope
- Confirm target: diff, file set, module, full repo, or skill/prompt. A target can be both code and prompt.
- Identify stack/framework — adapt the checklist (skip what the framework handles, add its pitfalls).
- Trace data flow: request → middleware → handler → service → datastore → response. For prompts: input → template → LLM → tools → output.
- Map trust boundaries, privilege levels, and threat actors.
- Search prior findings: npx ai-devkit@latest memory search --query "<target>" --tags "security"
Scan
- Only check relevant categories. Skip sections and items that don't apply. Do not report skipped items.
- For diffs/PRs: also check whether the change weakens existing controls — removed middleware, bypassed validation, new unprotected routes.
- Categories in priority order: a. Secrets — hardcoded tokens, keys, connection strings. b. Injection — SQL, NoSQL, command, template, SSRF, path traversal, XSS. c. Auth — missing checks, privilege escalation, OAuth/OIDC, IDOR. d. Business Logic — race conditions, TOCTOU, workflow bypass, mass assignment, parameter tampering. e. Data Exposure — PII in logs, verbose errors, overly broad responses. f. Resource Exhaustion — unbounded queries, missing pagination, upload size, decompression bombs. g. Dependencies — critical CVEs only (RCE, auth bypass, data breach); ignore low/medium. h. Cryptography — weak algorithms, hardcoded IVs/keys, disabled certificate validation. i. Configuration — debug mode, permissive CORS, missing security headers. j. Logging — security events unlogged, no tamper protection, no alerting. k. Prompt Injection — instruction override, tool abuse, data exfiltration, indirect injection via tool results.
- For each finding: file, line, evidence.

Classify

Severity	Criteria
Critical	Exploitable now, data loss or RCE possible
High	Exploitable with moderate effort or insider access
Medium	Requires chained conditions or limited impact
Low	Defense-in-depth, no direct exploit path

Adjust severity by exposure (internet-facing vs internal) and data sensitivity.
Check for attack chains — multiple Medium findings that combine into High/Critical.
Mark false positives with reasoning.

Remediate
- For each finding: root cause, minimal fix (prefer stdlib/framework over custom), verification step.
- For Critical/High: also recommend a detection control (log, alert, or WAF rule).
- Present plan and request approval before changing code.
Verify
- Use the verify skill to confirm each remediation.
- Re-scan fixed files for regressions.
- Store findings: npx ai-devkit@latest memory store --title "<pattern>" --content "<finding and fix>" --tags "security,<category>"

Red Flags

Rationalization	Do Instead
"It's internal / behind a VPN / only admins"	Zero-trust: validate at every boundary regardless of network position or user role
"We'll add auth later"	Add auth before merge — unauthenticated endpoints get discovered fast
"It's just a dev credential"	Use env vars / secrets manager — dev secrets leak to prod constantly
"The framework handles that"	Verify the config — frameworks have defaults, not guarantees
"We sanitize on the frontend"	Always validate server-side — client validation is bypassable
"The LLM won't follow injected instructions"	Treat all tool results and external content as untrusted data
"It's just a prompt, not code"	Prompts control tool execution — review with the same rigor as code

Output Template

Scope: Target, stack, data flow, trust boundaries, threat actors
Findings (by severity): ID, severity, category, file:line, exploit scenario, fix
Attack Chains: Findings that escalate when combined
False Positives: Dismissed items with reasoning
Remediation Plan: Ordered fixes with verification steps
Residual Risk: Scope limitations, unverifiable items
Zero findings: state what was checked and scope boundaries — "no findings" ≠ "fully secure"

security-review

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

security-review

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Security Review

Hard Rules

Workflow

Red Flags

Output Template

Similar Skills

Security Review

Hard Rules

Workflow

Red Flags

Output Template

Similar Skills