Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

sentinelx-prime

Use when a repository wants stage-aware cybersecurity guidance during planning, risky implementation changes across authentication, authorization, tokens, secrets, middleware, outbound requests, file handling, CI, deployment, and other trust boundaries, post-implementation review, or pre-release hardening; do not trigger for doc-only, naming-only, formatting-only, or UI-only changes that do not affect a trust boundary

In Manus ausführen

Überblick

Installationsbefehl

npx skills add https://github.com/alicankiraz1/SentinelXPrime --skill sentinelx-prime

Kopieren Sie diesen Befehl und fügen Sie ihn in Claude Code ein, um den Skill zu installieren

Quelle

alicankiraz1/SentinelXPrime

Sterne37

Forks1

Aktualisiert4. April 2026 um 16:53

Datei-Explorer

10 Dateien

SKILL.md

readonly

name

sentinelx-prime

description

SentinelXPrime

Overview

Thin orchestrator for stage-aware security guidance. It chooses the right security skill for the current project stage and keeps outputs consistent.

When to Use

planning a feature, architecture, or task breakdown
changing authentication, authorization, tokens, secrets, middleware, outbound requests, file handling, CI, deployment, or another trust boundary
finishing implementation and deciding whether to run a security review
preparing release, handoff, or hardening checks

When Not to Use

doc-only changes
naming-only refactors
formatting-only edits
UI-only changes that do not affect a trust boundary

Workflow

Read references/context-resolution.md, references/activation-rules.md, references/interaction-model.md, references/risky-change-signals.md, references/notification-policy.md, references/lifecycle-persistence.md, and references/active-analysis.md.
Classify the stage as plan, review, test-rig, or uncertain, and classify whether the current work crosses a risky-change threshold.
Resolve repo-local checkpoint guidance through references/context-resolution.md rather than assuming a relative ../../AGENTS.md path.
For plan, invoke ../sentinelx-plan-gap/SKILL.md automatically.
For risky implementation work, ask once whether the user wants a read-only active analysis pass for the current scope. If they accept, collect scoped evidence through references/active-analysis.md. If git-backed discovery is unavailable but shell reads still work for files already visible in context or explicitly named by the user, use a limited current-source fallback and note the limitation in assumptions. If they decline or shell/file evidence is unavailable, stay description-based and note the limitation in assumptions.
For risky implementation work, run a low-noise scoped risky-change review pass using references/risky-change-review-pass-template.md with an enriched context pack when active analysis was allowed and available.
If a risky-change review pass returns no material concern, do not create a separate interruption.
For review, ask once before invoking ../sentinelx-review-gate/SKILL.md. If the user accepts, treat that acceptance as consent for read-only active analysis within the current review scope.
For test-rig, ask once before invoking ../sentinelx-test-rig/SKILL.md.
Normalize findings using ../shared/finding-schema.md.
End substantial outputs with a coverage note.

Stage Fallback

If the stage is uncertain, stay advisory, do not trigger a risky-change review pass, do not imply a full review occurred, and wait for stronger stage evidence or explicit user intent.

Guardrails

Never claim the project is secure.
Never run tools or mutate files without explicit user consent.
Treat read-only active analysis as tool execution that still requires explicit user consent.
If the stack is unclear, load ../shared/common-web-threats.md and say the stack is uncertain.
Do not repeat the same offer after a clear refusal in the same stage.
Do not imply that a child agent was spawned unless the user explicitly asked for delegation and the active environment actually supports that flow.
Never send the full session history when a narrow scoped context pack is sufficient for the risky-change review pass.
Risky-change review passes must remain advisory-only unless the user explicitly asks for stronger gating.
If repo-local checkpoint policy is missing, do not imply that later-stage security offers are guaranteed automatically.

Mehr aus diesem Repository

gleiches Repository

sentinelx-plan-gap

alicankiraz1/SentinelXPrime

Use when defining plans, specs, or task breakdowns for web application work that may be missing security requirements

2026-04-0437

sentinelx-review-gate

alicankiraz1/SentinelXPrime

Use when implementation is complete or review is requested and the user may want a focused security review of the changed code

2026-04-0437

sentinelx-test-rig

alicankiraz1/SentinelXPrime

Use when a feature or project is nearing handoff or release and the user may want a stack-aware security check plan without automatic setup

2026-04-0437

using-sentinelx

alicankiraz1/SentinelXPrime

Use when a session needs quick orientation to SentinelXPrime stages, checkpoints, guardrails, and the right SentinelXPrime skill to invoke

2026-04-0437

Quelle

alicankiraz1

alicankiraz1/SentinelXPrime

GitHub-Repository öffnen Creator-Repositorys ansehen

Installationsbefehl

Download

In Manus ausführen

Nützlich fürSOC

InformationssicherheitsanalystenInformatik- und Mathematikberufe15-1212L4

name

sentinelx-prime

description

SentinelXPrime

Overview

Thin orchestrator for stage-aware security guidance. It chooses the right security skill for the current project stage and keeps outputs consistent.

When to Use

planning a feature, architecture, or task breakdown
changing authentication, authorization, tokens, secrets, middleware, outbound requests, file handling, CI, deployment, or another trust boundary
finishing implementation and deciding whether to run a security review
preparing release, handoff, or hardening checks

When Not to Use

doc-only changes
naming-only refactors
formatting-only edits
UI-only changes that do not affect a trust boundary

Workflow

Read references/context-resolution.md, references/activation-rules.md, references/interaction-model.md, references/risky-change-signals.md, references/notification-policy.md, references/lifecycle-persistence.md, and references/active-analysis.md.
Classify the stage as plan, review, test-rig, or uncertain, and classify whether the current work crosses a risky-change threshold.
Resolve repo-local checkpoint guidance through references/context-resolution.md rather than assuming a relative ../../AGENTS.md path.
For plan, invoke ../sentinelx-plan-gap/SKILL.md automatically.
For risky implementation work, ask once whether the user wants a read-only active analysis pass for the current scope. If they accept, collect scoped evidence through references/active-analysis.md. If git-backed discovery is unavailable but shell reads still work for files already visible in context or explicitly named by the user, use a limited current-source fallback and note the limitation in assumptions. If they decline or shell/file evidence is unavailable, stay description-based and note the limitation in assumptions.
For risky implementation work, run a low-noise scoped risky-change review pass using references/risky-change-review-pass-template.md with an enriched context pack when active analysis was allowed and available.
If a risky-change review pass returns no material concern, do not create a separate interruption.
For review, ask once before invoking ../sentinelx-review-gate/SKILL.md. If the user accepts, treat that acceptance as consent for read-only active analysis within the current review scope.
For test-rig, ask once before invoking ../sentinelx-test-rig/SKILL.md.
Normalize findings using ../shared/finding-schema.md.
End substantial outputs with a coverage note.

Stage Fallback

If the stage is uncertain, stay advisory, do not trigger a risky-change review pass, do not imply a full review occurred, and wait for stronger stage evidence or explicit user intent.

Guardrails

Never claim the project is secure.
Never run tools or mutate files without explicit user consent.
Treat read-only active analysis as tool execution that still requires explicit user consent.
If the stack is unclear, load ../shared/common-web-threats.md and say the stack is uncertain.
Do not repeat the same offer after a clear refusal in the same stage.
Do not imply that a child agent was spawned unless the user explicitly asked for delegation and the active environment actually supports that flow.
Never send the full session history when a narrow scoped context pack is sufficient for the risky-change review pass.
Risky-change review passes must remain advisory-only unless the user explicitly asks for stronger gating.
If repo-local checkpoint policy is missing, do not imply that later-stage security offers are guaranteed automatically.