security-review

Solid

Security vulnerability assessment identifying OWASP risks, injection vectors, authentication issues, and data exposure with severity classification.

AI & Automation 1,160 stars 71 forks Updated today MIT

Install

View on GitHub

Quality Score: 94/100

Stars 20%

100

Recency 20%

100

Frontmatter 20%

Documentation 15%

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# Security Review ## Overview Identify security vulnerabilities in code changes. Covers OWASP categories, injection vectors, authentication/authorization issues, data exposure, and dependency risks. ## When to Use - After code review passes (or in parallel) - Before any code merge involving user-facing changes - As part of the /review-security command - Mandatory for high-stakes implementations ## Process 1. Identify modified files with security relevance 2. Scan for common vulnerability patterns 3. Assess authentication and authorization changes 4. Check for data exposure risks 5. Evaluate dependency security 6. Classify severity and provide recommendations ## Severity Levels - **Critical**: Immediate exploitation risk - **High**: Significant vulnerability requiring fix before merge - **Medium**: Vulnerability that should be addressed soon - **Low**: Minor security improvement opportunity ## Key Rules - Security review failure halts implementation - All findings must include file paths and line numbers - Provide actionable remediation steps - Reference OWASP categories where applicable ## Tool Use Invoke via babysitter process: `methodologies/rpikit/rpikit-review`

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Code & Development Listed

security-reviewer

Cross-language security review — injection, auth/authz, secrets, insecure defaults, deserialization, CSRF/SSRF/IDOR, dep vulns. Emits a Critical/High/Medium/Low report with file:line + fixes. Use when auditing a PR or pre-release.

2 Updated 1 weeks ago

ralvarezdev

AI & Automation Listed

security-review

Run a comprehensive security review on code

1 Updated today

ItsProGamer974

Code & Development Listed

security-review

Security review workflow for a PR, feature or codebase — scope, automated scans, manual OWASP/CWE pattern-check, prioritize and report. Uses secure-coding as pattern library.

4 Updated 1 weeks ago

roodlicht

AI & Automation Listed

security-review

Checklist-driven security review pass for pull requests.

0 Updated 2 days ago

crewship-ai

API & Backend Solid

security-review

Thorough, adversarial security review of API endpoints, UI flows that call those endpoints, and any database-interacting code. Use when the user asks for a security review, permission/authorization audit, red-team style assessment, or vulnerability analysis. Assume access to source code and a running system; perform threat modeling and check current vulnerabilities relevant to the stack.

364 Updated today

majiayu000