Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

Commencer

security-audit

Étoiles0

Forks0

Mis à jour13 février 2026 à 03:58

Deep security audit of the codebase (Janet Moore's workflow)

Installation

Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.

Exécuter dans Manus

Source

g-zenr

g-zenr/relay-api

Ouvrir le dépôt GitHub Voir les dépôts du créateur

Téléchargement

Exécuter dans Manus

Métiers associésSOC

Basé sur la classification professionnelle SOC

Analystes en sécurité de l'informationProfessions informatiques et mathématiques·SOC 15-1212

SKILL.md

readonly

name	security-audit
description	Deep security audit of the codebase (Janet Moore's workflow)

Perform a security audit following Janet Moore's standards.

Audit Checklist

1. Authentication & Authorization

Read the dependencies/DI file — verify timing-safe comparison (see stack concepts) is used, not equality operator
Verify health/readiness endpoints bypass auth via the public DI dependency
Verify ALL state-changing endpoints require auth when API key is configured
Check error messages are uniform — no enumeration clues

2. Input Validation

Read the models/schemas file — verify all fields have type constraints
Check identifier parameters use appropriate validation constraints
Check state parameters use enum types — no raw strings
Verify typed schemas (see stack concepts) are used on every endpoint (no raw object parsing)

3. Information Leakage

Search for traceback, stack, __file__, __name__ in API responses
Verify all error responses use the error response model
Check no internal paths, class names, or implementation details in 4xx/5xx responses
Verify logging never outputs API keys or secrets

4. Audit Trail

Verify ALL state-changing operations produce audit log entries
Check audit entries include: action, identifier, state, timestamp
Verify all state-changing service methods produce audit entries

5. Rate Limiting

Read the middleware file — verify per-client IP rate limiting
Check 429 response includes Retry-After header
Verify rate limit is configurable via the project's env vars

6. CORS & Headers

Check CORS origins come from config, not hardcoded
Verify CORS is configurable via the project's env vars

7. Dependencies

Run dependency audit command if available to check for known CVEs
Review the requirements file for outdated or vulnerable packages

Output Format

Group findings by severity: Critical, High, Medium, Low, Info Include specific file:line references and remediation steps for each finding.

Plus depuis ce dépôt

même dépôt

add-device

g-zenr/relay-api

Add a new implementation of the primary protocol/interface (Alex Rivera's workflow)

2026-02-130

add-endpoint

g-zenr/relay-api

Add a new API endpoint following all project standards

2026-02-130

add-feature

g-zenr/relay-api

Plan and implement a complete feature end-to-end across all layers

2026-02-130

audit

g-zenr/relay-api

Full codebase audit — dead code, layer violations, concurrency, observability, code quality

2026-02-130

ci-cd

g-zenr/relay-api

Set up or update GitHub Actions CI/CD pipeline (Marcus Chen's workflow)

2026-02-130

cleanup

g-zenr/relay-api

Remove dead code, unused imports, stale files, and fix code quality issues found by /audit

2026-02-130

name	security-audit
description	Deep security audit of the codebase (Janet Moore's workflow)

Perform a security audit following Janet Moore's standards.

Audit Checklist

1. Authentication & Authorization

Read the dependencies/DI file — verify timing-safe comparison (see stack concepts) is used, not equality operator
Verify health/readiness endpoints bypass auth via the public DI dependency
Verify ALL state-changing endpoints require auth when API key is configured
Check error messages are uniform — no enumeration clues

2. Input Validation

Read the models/schemas file — verify all fields have type constraints
Check identifier parameters use appropriate validation constraints
Check state parameters use enum types — no raw strings
Verify typed schemas (see stack concepts) are used on every endpoint (no raw object parsing)

3. Information Leakage

Search for traceback, stack, __file__, __name__ in API responses
Verify all error responses use the error response model
Check no internal paths, class names, or implementation details in 4xx/5xx responses
Verify logging never outputs API keys or secrets

4. Audit Trail

Verify ALL state-changing operations produce audit log entries
Check audit entries include: action, identifier, state, timestamp
Verify all state-changing service methods produce audit entries

5. Rate Limiting

Read the middleware file — verify per-client IP rate limiting
Check 429 response includes Retry-After header
Verify rate limit is configurable via the project's env vars

6. CORS & Headers

Check CORS origins come from config, not hardcoded
Verify CORS is configurable via the project's env vars

7. Dependencies

Run dependency audit command if available to check for known CVEs
Review the requirements file for outdated or vulnerable packages

Output Format

Group findings by severity: Critical, High, Medium, Low, Info Include specific file:line references and remediation steps for each finding.