بنقرة واحدة
security-review
> Use when this capability is needed.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
> Use when this capability is needed.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Morning update routine: merge Renovate PRs, rebase local work, apply chezmoi changes Use when this capability is needed.
Use when the user wants to set, change, or clear git commit co-authors for pair or mob programming.
Use when the user asks to install, add, or set up a package, tool, CLI, or application
Use when the user wants to fetch and contextualize a GitHub repository for future reference.
Use when writing or reviewing GitHub-flavored Markdown (README, issues, PRs, docs)
Copy content to my clipboard using `pbcopy`. Use when this capability is needed.
A focused rubric for security review of a code change. Designed as the "security" specialist dimension of a multi-perspective PR review, but applies equally to a standalone audit.
Review ONLY your assigned diff (or module). Cross-module concerns go to the architecture specialist; correctness bugs without security impact go to correctness.
random vs secrets, password hashingSee threat-model.md for full per-section detail and CWE mapping.
CRITICAL — exploitable now, no special conditions: auth bypass, RCE, full data exposureHIGH — data exposure / auth gap requiring specific conditionsMEDIUM — mis-scoped tokens, weak validation, missing rate limitLOW — defense-in-depth hardeningINFO — notes for future considerationRule of thumb: CRITICAL vs HIGH — user action required to exploit? No = CRITICAL, chained = HIGH. HIGH vs MEDIUM — exploitable at attacker's expected access level? Yes = HIGH, needs escalation = MEDIUM.
| Severity | Location | Description | Suggested fix | Confidence | Runtime-context caveats |
|---|---|---|---|---|---|
| HIGH | file.py:112 | Path not containment-checked | resolve() + relative_to(root) | High | Requires malicious planner output |
Verdict at top: APPROVE | REQUEST CHANGES | REJECT.
Cite file:line. Reference CWE where clear (CWE-22 path traversal, CWE-89 SQLi).
Source: ohdearquant/lionagi — distributed by TomeVault.