// Request a security expert assessment for code changes that touch child process spawning, file system access, configuration loading, or environment variable handling. Use when the Reviewer identifies security-sensitive changes in the MCP-LSP bridge.
| name | security-review |
| description | Request a security expert assessment for code changes that touch child process spawning, file system access, configuration loading, or environment variable handling. Use when the Reviewer identifies security-sensitive changes in the MCP-LSP bridge. |
| compatibility | Designed for Claude Code (or similar products) |
| metadata | {"author":"ktnyt","version":"1.0"} |
Invoke the security-reviewer agent to assess security-sensitive changes.
src/lsp-client.ts)src/file-editor.ts, src/file-scanner.ts)cclsp.json, CCLSP_CONFIG_PATH)src/lsp/adapters/)src/setup.ts)child_process spawn?file:// URIs validated before resolving?cclsp.json treated as trusted input? What
happens if it contains unexpected fields or types?Use the everything-claude-code:security-reviewer agent via the Task tool:
Task(
subagent_type: "everything-claude-code:security-reviewer",
prompt: "Review the following changes for security concerns: <describe changes>"
)
The security reviewer should produce:
Guides the design of safely disposable code through contracts (traits/interfaces) and dependency inversion. Use when designing new modules, refactoring existing code, or making architectural decisions about component boundaries.
Performs manual hands-on testing of a web application using playwright-cli. Spawns the dev server if needed, navigates to pages, performs browser actions, captures screenshots, checks outcomes, and produces a structured test report. Use when the user wants to visually verify a web feature, perform exploratory testing, or validate UI behavior.