From security-code-audit
This skill should be used when the user asks to "review this file for security", "check file for vulnerabilities", "security analyze file", or mentions specific files like "review auth.py", "check login handler".
How this skill is triggered: slash command

```
/security-code-audit:security-code-audit-review-file
```

This skill is limited to the following tools:
Summary shown in Claude's skill listing (used to decide when to auto-load this skill):

Review a single file for security vulnerabilities.
Perform targeted security analysis of specific files like authentication handlers, database access layers, or API endpoints.
$ARGUMENTS - Path to the file to review
```
/security-code-audit-review-file src/auth/login.py
/security-code-audit-review-file ./handlers/user_handler.go
```

Verify the file exists before reading it:

```bash
test -f "$ARGUMENTS" && echo "File exists" || echo "File not found"
```
Use Read tool to get the full file content.
Determine language from file extension:
| Extension | Language |
|---|---|
| .py | Python |
| .go | Go |
| .rs | Rust |
| .js, .ts, .jsx, .tsx | JavaScript/TypeScript |
| .c, .h, .cpp, .cc | C/C++ |
| .java | Java |
| .cs | C# |
| .php | PHP |
| .sol | Solidity |
| .tf | Terraform |
| .zig | Zig |
Gather call-graph context with grepai (related functions, callers and callees):

```bash
grepai search "functions related to this file" --json --compact
grepai trace callers "SensitiveFunction" --json
grepai trace callees "EntryPoint" --json
```
See ../security-code-audit-review/references/language-checks.md for language-specific checks.
Output format:

```json
{
  "file": "auth.py",
  "file_path": "/absolute/path/to/auth.py",
  "language": "python",
  "reviews": [
    {
      "issue": "SQL Injection",
      "code_snippet": "cursor.execute(f\"SELECT * FROM users WHERE id = {user_id}\")",
      "reasoning": "User-controlled input directly interpolated into SQL query",
      "mitigation": "Use parameterized queries: cursor.execute(\"SELECT * FROM users WHERE id = %s\", (user_id,))",
      "confidence": 0.95,
      "cwe": "CWE-89",
      "severity": "CRITICAL"
    }
  ]
}
```
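As an added example (not code from the security-code-audit skill itself), the following Python applies the extension table above and checks a report against the JSON output format just shown, the kind of check output-schema.md validation implies. The severity scale, the CWE-&lt;number&gt; pattern and the sample report are assumptions.

```python
import json
import os
import re

# Extension table from the skill text, keyed by lowercase extension.
EXTENSION_LANGUAGES = {
    ".py": "python", ".go": "go", ".rs": "rust", ".java": "java", ".cs": "c#",
    ".js": "javascript/typescript", ".ts": "javascript/typescript",
    ".jsx": "javascript/typescript", ".tsx": "javascript/typescript",
    ".c": "c/c++", ".h": "c/c++", ".cpp": "c/c++", ".cc": "c/c++",
    ".php": "php", ".sol": "solidity", ".tf": "terraform", ".zig": "zig",
}
SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"}  # assumed scale
REVIEW_FIELDS = ("issue", "code_snippet", "reasoning", "mitigation",
                 "confidence", "cwe", "severity")
REPORT_FIELDS = ("file", "file_path", "language", "reviews")
CWE_PATTERN = re.compile(r"^CWE-\d+$")
# Constructed sample in the skill's output format (not real audit output).
SAMPLE_REPORT = json.dumps({"file": "auth.py", "file_path": "/tmp/x/auth.py",
    "language": "python", "reviews": [{"issue": "SQL Injection", "confidence": 0.95,
    "code_snippet": "cursor.execute(f\"...\")", "reasoning": "input interpolated into SQL",
    "mitigation": "Use parameterized queries", "cwe": "CWE-89", "severity": "CRITICAL"}]})

def detect_language(path: str):
    """Map a file path to a language via its extension; None if unsupported."""
    return EXTENSION_LANGUAGES.get(os.path.splitext(path)[1].lower())

def validate_review(review: dict) -> list:
    """Return the problems in one finding; an empty list means it is well-formed."""
    problems = [f"missing field: {f}" for f in REVIEW_FIELDS if f not in review]
    if problems:
        return problems
    conf = review["confidence"]
    if not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
        problems.append("confidence must be a number in [0, 1]")
    if not CWE_PATTERN.match(str(review["cwe"])):
        problems.append("cwe must look like CWE-<number>")
    if review["severity"] not in SEVERITIES:
        problems.append("severity must be one of " + ", ".join(sorted(SEVERITIES)))
    return problems

def validate_report(report_json: str) -> list:
    """Validate a whole report document against the JSON format shown above."""
    report = json.loads(report_json)
    problems = [f"missing top-level field: {f}" for f in REPORT_FIELDS if f not in report]
    if not problems and detect_language(report["file"]) != report["language"]:
        problems.append("language does not match the file extension")
    for i, review in enumerate(report.get("reviews", [])):
        problems += [f"reviews[{i}]: {p}" for p in validate_review(review)]
    return problems
```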
See ../security-code-audit-review/references/ for:

- language-checks.md - Security checks per language
- cwe-reference.md - CWE IDs and severity levels
- output-schema.md - JSON format validation

Install the plugin:

```bash
npx claudepluginhub mfakbar127/agent-skills --plugin security-code-audit
```