Menu
Use this skill for security reviews of VoxBento code. Covers OWASP Top 10 and VoxBento-specific threat model.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
| name | security-audit |
| description | Use this skill for security reviews of VoxBento code. Covers OWASP Top 10 and VoxBento-specific threat model. |
Use this skill for security reviews of VoxBento code. Covers OWASP Top 10 and VoxBento-specific threat model.
| Actor | Capability | Risk |
|---|---|---|
| Anonymous user | Reaches public routes (/, /register, /login, /healthz, /ws/captions/*) | Low |
| Authenticated user | Joins events they are assigned to | Low |
| Malicious invite token holder | Uses token for different booth | Mitigated by WS scope check |
| Rogue interpreter | Tries to go live without being active | Mitigated by _resolve_whip_url |
| Admin with access | Full event/user management | Inherently trusted |
| Network attacker | MITM on HTTP connections | Use HTTPS/TLS in production |
Depends(require_admin).require_admin checks user_token (is_admin or event_admin) then admin_token.check_publish_permission in BoothRegistry).booth:set-active: only coordinator or current active can reassign.session_token.event_slug + language_code must match booth_id.session.granted_role used — never data['role'].granted_role = None → 403 (not just redirect).JWT_SECRET / SECRET_KEY are not default values in production.API_KEY_ENCRYPTION_KEY is not "change-this-encryption-key-in-production" (raises RuntimeError if default).admin_password / jwt_secret not logged.validate_event_slug, validate_language_code).debug: bool = True in default settings — must be False in production.BOOTH_ACCESS_TOKEN unset = no token guard on API; set it in production if API is public.ADMIN_PASSWORD must be set; empty string disables admin login (see portal/routers/auth.py).database_url default is SQLite — use PostgreSQL in production.SECRET_KEY: str = 'change-me' — must be overridden./login or /register (see TD-08 in TECHNICAL_DEBT_REPORT.md).user.is_active checked on login — deactivated users cannot log in.jwt_expiry_seconds default 86400 = 24h).httponly=True, samesite='lax' on all auth cookies.secure=True on cookies in code — must be added for HTTPS deployments or handled by reverse proxy._check_mediamtx() and _ensure_mediamtx_path() use settings.mediamtx_api_base — hardcoded from config, not user input._make_jitsi_url(base_url, room) — base_url is from settings; room is from DB (admin-entered, not end-user).All redirects in portal/routers/ must use safe_redirect(url):
def safe_redirect(url: str, status_code: int) -> RedirectResponse:
url = url.replace('\\', '').strip()
parsed = urlparse(url)
if url and not parsed.netloc and not parsed.scheme and url.startswith('/'):
return RedirectResponse(url=url, status_code=status_code)
return RedirectResponse(url='/', status_code=status_code)
Check next_url / next parameter usage:
grep -rn "next_url\|next=" portal/routers/
Ensure all uses pass through safe_redirect.
| Cookie | httponly | samesite | secure |
|---|---|---|---|
session_token | ✓ | lax | ✗ (set by reverse proxy TLS) |
user_token | ✓ | lax | ✗ |
admin_token | ✓ | lax | ✗ |
Production hardening: ensure TLS termination at Caddy/nginx level; add Strict-Transport-Security header.
VoxBento does not directly pass user input to LLM APIs. Transcription providers receive audio (PCM bytes), not text, from the server. There is no LLM chain in the current implementation.
# Check for raw redirects (should be none)
grep -rn "RedirectResponse(url=" portal/routers/ | grep -v safe_redirect
# Check for debug=True in production settings
grep -n "debug" portal/config.py
# Check JWT secret default
grep -n "change-me\|secret_key" portal/config.py
# Check no inline scripts in templates
grep -rn "<script>" templates/
Use this skill to evaluate proposed architecture changes against VoxBento's design principles.
Use this skill to find files, understand module ownership, and locate code in VoxBento.
Use this skill to analyse, audit, or modify HTTP and WebSocket routes in VoxBento. All routes live in `portal/routers/`.
Use this skill for tasks involving transcription providers, caption streaming, or the audio pipeline. Reference: `portal/transcription/`, [TRANSCRIPTION_MAP.md](../../context/TRANSCRIPTION_MAP.md).
Use this skill to analyse, audit, or modify database models, migrations, and CRUD helpers. Reference: `portal/models.py`, `portal/database.py`, `alembic/versions/`.
Use this skill to review deployments, validate production readiness, or assist with deployment procedures. Reference: `DEPLOYMENT_GUIDE.md`, `docker-compose.yml`, `Caddyfile`, `Dockerfile`.