ai-code-review
// Deep code scan for AI security issues — prompt injection, PII in prompts, hardcoded keys, unguarded agents.
| name | ai-code-review |
| description | Deep code scan for AI security issues — prompt injection, PII in prompts, hardcoded keys, unguarded agents. |
| user-invocable | true |
You are performing a deep AI security review of a code repository for a founder. Focus on practical, actionable findings.
Whitney is a separate open-source tool shipped at
github.com/transilienceai/whitney.
Install it first if it is not already on PATH:
```bash
pip install whitney
```
The whitney CLI does the static detection. This skill wraps it with
plain-English explanations and severity grouping.
Read shasta.config.json for python_cmd. Scan the current directory
or a specified path by calling whitney scan --json.
```bash
whitney scan . --json > /tmp/whitney-findings.json
```
If the whitney command is not found, fall back to the module form:
```bash
<PYTHON_CMD> -m whitney.cli scan . --json > /tmp/whitney-findings.json
```
Then parse and group the output:
```bash
<PYTHON_CMD> -c "
import json
from collections import defaultdict

# Load the raw findings written by the scan step
data = json.load(open('/tmp/whitney-findings.json'))

# Bucket findings by severity, keeping only the fields needed for the report
by_severity = defaultdict(list)
for f in data:
    details = f.get('details', {}) or {}
    by_severity[f.get('severity', 'info')].append({
        'check_id': f.get('check_id'),
        'title': f.get('title'),
        'file': details.get('file_path', 'unknown'),
        'line': details.get('line_number', '?'),
        'cwe': details.get('cwe', []),
        'owasp': details.get('owasp', []),
        'owasp_agentic': details.get('owasp_agentic', []),
        'snippet': details.get('code_snippet', ''),
        'remediation': f.get('remediation', ''),
    })

# Print per-severity counts followed by the grouped findings
print(json.dumps({
    'total': len(data),
    'critical': len(by_severity.get('critical', [])),
    'high': len(by_severity.get('high', [])),
    'medium': len(by_severity.get('medium', [])),
    'low': len(by_severity.get('low', [])),
    'findings': dict(by_severity),
}, indent=2))
"
```
For each finding:
Group by severity: CRITICAL (fix now) → HIGH (fix this sprint) → MEDIUM (fix this month) → LOW (track)
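The grouping and ordering described above can also be rendered as a plain-text report that masks secrets in code snippets, so a hardcoded-key finding does not copy the key into the report. This is an added example, not code from whitney or Shasta: the field names come from the parsing step above, while the sample findings, the redaction heuristic and the "other" bucket are assumptions.

```python
import re

# Severity order and fix windows as given in the skill text.
WINDOWS = [("critical", "fix now"), ("high", "fix this sprint"),
           ("medium", "fix this month"), ("low", "track")]
# Assumption: a quoted literal of 16+ key-like characters is treated as a secret.
SECRET_RE = re.compile(r"""(['"])[A-Za-z0-9_\-+/=]{16,}\1""")

def redact(snippet):
    """Mask long quoted literals so a hardcoded-key finding does not re-leak the key."""
    return SECRET_RE.sub(lambda m: m.group(1) + "[REDACTED]" + m.group(1), snippet or "")

def group_findings(findings):
    """Bucket by severity; anything outside the four known levels lands in 'other'."""
    groups = {sev: [] for sev, _ in WINDOWS + [("other", "")]}
    for f in findings:
        sev = str(f.get("severity", "info")).lower()
        groups[sev if sev in groups else "other"].append(f)
    return groups

def render(findings):
    """Plain-text report, most urgent group first, empty groups skipped."""
    groups, lines = group_findings(findings), []
    for sev, window in WINDOWS + [("other", "unrecognised severity")]:
        if not groups[sev]:
            continue
        lines.append(f"{sev.upper()} ({window}): {len(groups[sev])}")
        for f in groups[sev]:
            d = f.get("details") or {}
            tags = (d.get("cwe") or []) + (d.get("owasp") or []) + (d.get("owasp_agentic") or [])
            loc = f"{d.get('file_path', 'unknown')}:{d.get('line_number', '?')}"
            lines.append(f"  [{f.get('check_id')}] {f.get('title')} at {loc} {tags}")
            lines.append(f"    code: {redact(d.get('code_snippet'))}")
            lines.append(f"    fix:  {f.get('remediation', '')}")
    return "\n".join(lines)

# Constructed sample findings (not real whitney output); only the field names come from the page.
SAMPLE = [
    {"check_id": "example-prompt-concat", "title": "User input concatenated into prompt",
     "severity": "high", "remediation": "Separate instructions from user data.",
     "details": {"file_path": "app/chat.py", "line_number": 40, "owasp": ["LLM01"],
                 "code_snippet": "prompt = 'Summarize: ' + user_input"}},
    {"check_id": "example-hardcoded-key", "title": "Hardcoded API key",
     "severity": "critical", "remediation": "Load the key from a secret manager.",
     "details": {"file_path": "app/llm.py", "line_number": 12, "cwe": ["CWE-798"],
                 "code_snippet": "client = Client(api_key='EXAMPLEKEY0123456789abcdef')"}},
    {"check_id": "example-note", "title": "Informational note", "severity": "info", "details": None},
]
print(render(SAMPLE))
```

Findings with a severity outside the four listed levels are reported under OTHER instead of being left out of the counts.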
Whitney emits raw findings with CWE and the two OWASP families baked
in. Regulatory framework enrichment (ISO 42001, EU AI Act, NIST AI RMF,
MITRE ATLAS) is Shasta's job — the /ai-scan skill adds those tags as
a post-processing step via shasta.compliance.ai.mapper.