تشغيل أي مهارة في Manus بنقرة واحدة

ابدأ الآن

security-audit

النجوم٠

التفرعات٠

آخر تحديث١٣ فبراير ٢٠٢٦ في ٠٣:٥٨

Deep security audit of the codebase (Janet Moore's workflow)

التثبيت

التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.

تشغيل في Manus

المصدر

g-zenr

g-zenr/relay-api

فتح مستودع GitHub عرض مستودعات المنشئ

تنزيل

تشغيل في Manus

المهن ذات الصلةSOC

استنادا إلى تصنيف SOC المهني

محللو أمن المعلوماتمهن الحاسوب والرياضيات·SOC 15-1212

SKILL.md

readonly

name	security-audit
description	Deep security audit of the codebase (Janet Moore's workflow)

Perform a security audit following Janet Moore's standards.

Audit Checklist

1. Authentication & Authorization

Read the dependencies/DI file — verify timing-safe comparison (see stack concepts) is used, not equality operator
Verify health/readiness endpoints bypass auth via the public DI dependency
Verify ALL state-changing endpoints require auth when API key is configured
Check error messages are uniform — no enumeration clues

2. Input Validation

Read the models/schemas file — verify all fields have type constraints
Check identifier parameters use appropriate validation constraints
Check state parameters use enum types — no raw strings
Verify typed schemas (see stack concepts) are used on every endpoint (no raw object parsing)

3. Information Leakage

Search for traceback, stack, __file__, __name__ in API responses
Verify all error responses use the error response model
Check no internal paths, class names, or implementation details in 4xx/5xx responses
Verify logging never outputs API keys or secrets

4. Audit Trail

Verify ALL state-changing operations produce audit log entries
Check audit entries include: action, identifier, state, timestamp
Verify all state-changing service methods produce audit entries

5. Rate Limiting

Read the middleware file — verify per-client IP rate limiting
Check 429 response includes Retry-After header
Verify rate limit is configurable via the project's env vars

6. CORS & Headers

Check CORS origins come from config, not hardcoded
Verify CORS is configurable via the project's env vars

7. Dependencies

Run dependency audit command if available to check for known CVEs
Review the requirements file for outdated or vulnerable packages

Output Format

Group findings by severity: Critical, High, Medium, Low, Info Include specific file:line references and remediation steps for each finding.

المزيد من هذا المستودع

نفس المستودع

add-device

g-zenr/relay-api

Add a new implementation of the primary protocol/interface (Alex Rivera's workflow)

2026-02-130

add-endpoint

g-zenr/relay-api

Add a new API endpoint following all project standards

2026-02-130

add-feature

g-zenr/relay-api

Plan and implement a complete feature end-to-end across all layers

2026-02-130

audit

g-zenr/relay-api

Full codebase audit — dead code, layer violations, concurrency, observability, code quality

2026-02-130

ci-cd

g-zenr/relay-api

Set up or update GitHub Actions CI/CD pipeline (Marcus Chen's workflow)

2026-02-130

cleanup

g-zenr/relay-api

Remove dead code, unused imports, stale files, and fix code quality issues found by /audit

2026-02-130

name	security-audit
description	Deep security audit of the codebase (Janet Moore's workflow)

Perform a security audit following Janet Moore's standards.

Audit Checklist

1. Authentication & Authorization

Read the dependencies/DI file — verify timing-safe comparison (see stack concepts) is used, not equality operator
Verify health/readiness endpoints bypass auth via the public DI dependency
Verify ALL state-changing endpoints require auth when API key is configured
Check error messages are uniform — no enumeration clues

2. Input Validation

Read the models/schemas file — verify all fields have type constraints
Check identifier parameters use appropriate validation constraints
Check state parameters use enum types — no raw strings
Verify typed schemas (see stack concepts) are used on every endpoint (no raw object parsing)

3. Information Leakage

Search for traceback, stack, __file__, __name__ in API responses
Verify all error responses use the error response model
Check no internal paths, class names, or implementation details in 4xx/5xx responses
Verify logging never outputs API keys or secrets

4. Audit Trail

Verify ALL state-changing operations produce audit log entries
Check audit entries include: action, identifier, state, timestamp
Verify all state-changing service methods produce audit entries

5. Rate Limiting

Read the middleware file — verify per-client IP rate limiting
Check 429 response includes Retry-After header
Verify rate limit is configurable via the project's env vars

6. CORS & Headers

Check CORS origins come from config, not hardcoded
Verify CORS is configurable via the project's env vars

7. Dependencies

Run dependency audit command if available to check for known CVEs
Review the requirements file for outdated or vulnerable packages

Output Format

Group findings by severity: Critical, High, Medium, Low, Info Include specific file:line references and remediation steps for each finding.