From universe
Performs an exploitability review of the targeted code: traces untrusted inputs through validation, processing and output, checks authorization completeness (for example IDOR), and uses shieldkit_scan as a baseline.
How this skill is triggered — by the user, by Claude, or both
Slash command
/universe:security-review
This skill is limited to the following tools:
Perform a security-focused code review. Unlike a general code review (style, correctness, performance), this review asks one question: can this code be exploited?
Reads the code with an attacker's mindset. Traces data from untrusted sources through processing to storage/output. Identifies where validation is missing, where authorization is incomplete, and where assumptions can be broken.
Call shieldkit_scan with the target file. If available, use the structured findings
(SQL injection, missing auth, hardcoded secrets, dangerous functions) as a starting point.
Then go deeper with semantic analysis below.
If unavailable, proceed directly to manual analysis.
Read the target code. For each function or handler, ask:
For each piece of untrusted input (request params, body, headers, URL, cookies, uploaded files, webhook payloads), trace it through the code:
Input source → Validation → Processing → Storage/Output
At each step, check:
For every operation that modifies data or accesses resources:
Ownership verification methodology:
findById(req.params.id))
Example of MISSING ownership:
const order = await Order.findById(req.params.orderId); // Anyone can access any order
Example of CORRECT ownership:
const order = await Order.findOne({ _id: req.params.orderId, userId: req.user.id });
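The two lookups above, made runnable as an added example (not code from the skill itself). The in-memory `Order` stand-in, the handler names and the `findIdorLeaks` check are assumptions for illustration, and the stand-in is synchronous so the block runs offline.

```javascript
// Constructed sample data: two users, one order each.
const ORDERS = [
  { _id: 'o-1001', userId: 'alice', total: 42 },
  { _id: 'o-1002', userId: 'bob', total: 17 },
];

// Hypothetical in-memory stand-in for the model calls shown on the page.
// A real model would be asynchronous; this one is synchronous for the demo.
const Order = {
  findById(id) {
    return ORDERS.find((o) => o._id === id) ?? null;
  },
  findOne(filter) {
    const match = (o) => Object.entries(filter).every(([k, v]) => o[k] === v);
    return ORDERS.find(match) ?? null;
  },
};

// MISSING ownership: the lookup uses only the caller-supplied id.
function getOrderInsecure(req) {
  const order = Order.findById(req.params.orderId);
  return order ? { status: 200, body: order } : { status: 404 };
}

// CORRECT ownership: the lookup is scoped to the authenticated user, so a
// foreign order and a nonexistent order both come back as 404.
function getOrderSecure(req) {
  const order = Order.findOne({ _id: req.params.orderId, userId: req.user.id });
  return order ? { status: 200, body: order } : { status: 404 };
}

// Review check: request every order as every user. A 200 response for an
// order the caller does not own is reported as an ownership finding.
function findIdorLeaks(handler, users) {
  const leaks = [];
  for (const userId of users) {
    for (const { _id, userId: owner } of ORDERS) {
      const res = handler({ params: { orderId: _id }, user: { id: userId } });
      if (res.status === 200 && owner !== userId) leaks.push(`${userId} read ${_id}`);
    }
  }
  return leaks;
}
```

The same cross-user matrix works as a regression test for any handler that loads a record by an id taken from the request.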
Errors are a common source of information disclosure:
crypto.timingSafeEqual()),
and ensure login flows take the same time regardless of whether the user exists
Report format:
## Security Review — {file}
**Risk Level: {Critical / High / Medium / Low / Clean}**
### Findings
1. **{Vulnerability type}** — Line {n}
**Severity:** {Critical/High/Medium/Low}
**Data flow:** {untrusted source} → {processing step} → {vulnerable operation}
**Attack:** {How an attacker would exploit this}
**Fix:** {Specific code change}
2. ...
### Secure Patterns Found
{Acknowledge what's done well — auth checks, parameterized queries, etc.}
### Recommendations
{Prioritized list of changes to make}
/scan — Use for broader vulnerability coverage across the project
/threat-model — Use for strategic risk assessment of features and systems
references/review-checklist.md — Quick-reference checklist for security review organized by code area (routes, auth, database, file handling, etc.)
npx claudepluginhub mbwsims/claude-universe --plugin universe