Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

security-review

Name: Security Review
Author: x-cmd

// Security audit for code changes. Triggered by "/security-review" when reviewing auth, crypto, input handling, or when user explicitly requests a security audit.

Exécuter dans Manus

$ git log --oneline --stat

stars:4 432

forks:146

updated:27 mai 2026 à 12:58

SKILL.md

readonly

name	security-review
description	Security audit for code changes. Triggered by "/security-review" when reviewing auth, crypto, input handling, or when user explicitly requests a security audit.
tools	Bash, Read

Security Reviewer

Trigger

Use when:

User says /security-review
Changes involve authentication, authorization, cryptography, or input handling
User explicitly asks for a security audit

Do NOT use when:

General code review without security focus (use /review)
Performance concerns (use /optimize)

Steps

Step 1: Gather Context

git diff main..HEAD
git diff --name-only main..HEAD

Check dependency changes if relevant:

cat package.json  # or pyproject.toml, go.mod, etc.

Step 2: Scan for Risk Patterns

Pattern	Risk
User input without validation	Injection
`eval()`, `exec()`, `shell_exec()`	Command injection
SQL concatenation	SQL injection
`innerHTML`, `dangerouslySetInnerHTML`	XSS
Weak crypto (MD5, SHA1 for passwords)	Cryptographic failure
Hardcoded secrets	Secret exposure
File ops with user paths	Path traversal
Missing rate limiting	Brute force

Step 3: Verify Checklist

Step 4: Generate Report

Use the output format below.

Output Format

## Security Review

### Scope
Files: N | Lines changed: +N/-N

### Findings

#### 🔴 Critical
[Description, location, exploit scenario, fix]

#### 🟠 High
[...]

#### 🟡 Medium
[...]

#### 🟢 Info
[...]

### Summary
Total: N | Critical: N | High: N | Medium: N

## Recommendations
1. [Priority fix]
2. [Next steps]

Constraints

If no vulnerabilities found, state "No critical or high severity issues found" explicitly
Do NOT attempt to exploit; only static analysis
Flag for deeper audit if architecture-level security concerns found

related-skills.json

même dépôt

assess.md

from "x-cmd/x-cmd"

Multi-phase project assessment with scoring. Triggered by "/assess" to evaluate project health across dimensions and generate a comprehensive report.

2026-05-274.4k

check.md

from "x-cmd/x-cmd"

Comprehensive rule-based check. Triggered by "/check [target]" to evaluate all source files against project rules and report every violation.

2026-05-274.4k

goal.md

from "x-cmd/x-cmd"

Set and track project goals. Triggered by "/goal" to define objectives, track milestones, or review progress.

2026-05-274.4k

loop.md

from "x-cmd/x-cmd"

Schedule recurring tasks with notifications. Triggered by "/loop <interval> <prompt>" to set up periodic monitoring.

2026-05-274.4k

optimize.md

from "x-cmd/x-cmd"

Review code for efficiency and performance. Triggered by "/optimize" when user wants to identify bottlenecks or improve performance.

2026-05-274.4k

review.md

from "x-cmd/x-cmd"

Review pull requests or code changes. Triggered by "/review [pr_link]" or when user asks to review pending changes.

2026-05-274.4k

package.json

"author": "x-cmd"

"repository": "x-cmd/x-cmd"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Analystes en sécurité de l'informationProfessions informatiques et mathématiques15-1212L4

name	security-review
description	Security audit for code changes. Triggered by "/security-review" when reviewing auth, crypto, input handling, or when user explicitly requests a security audit.
tools	Bash, Read

Security Reviewer

Trigger

Use when:

User says /security-review
Changes involve authentication, authorization, cryptography, or input handling
User explicitly asks for a security audit

Do NOT use when:

General code review without security focus (use /review)
Performance concerns (use /optimize)

Steps

Step 1: Gather Context

git diff main..HEAD
git diff --name-only main..HEAD

Check dependency changes if relevant:

cat package.json  # or pyproject.toml, go.mod, etc.

Step 2: Scan for Risk Patterns

Pattern	Risk
User input without validation	Injection
`eval()`, `exec()`, `shell_exec()`	Command injection
SQL concatenation	SQL injection
`innerHTML`, `dangerouslySetInnerHTML`	XSS
Weak crypto (MD5, SHA1 for passwords)	Cryptographic failure
Hardcoded secrets	Secret exposure
File ops with user paths	Path traversal
Missing rate limiting	Brute force

Step 3: Verify Checklist

Step 4: Generate Report

Use the output format below.

Output Format

## Security Review

### Scope
Files: N | Lines changed: +N/-N

### Findings

#### 🔴 Critical
[Description, location, exploit scenario, fix]

#### 🟠 High
[...]

#### 🟡 Medium
[...]

#### 🟢 Info
[...]

### Summary
Total: N | Critical: N | High: N | Medium: N

## Recommendations
1. [Priority fix]
2. [Next steps]

Constraints

If no vulnerabilities found, state "No critical or high severity issues found" explicitly
Do NOT attempt to exploit; only static analysis
Flag for deeper audit if architecture-level security concerns found

security-review

Security Reviewer

Trigger

Steps

Step 1: Gather Context

Step 2: Scan for Risk Patterns

Step 3: Verify Checklist

Step 4: Generate Report

Output Format

Constraints

Plus depuis ce dépôt

Plus depuis ce dépôt

Security Reviewer

Trigger

Steps

Step 1: Gather Context

Step 2: Scan for Risk Patterns

Step 3: Verify Checklist

Step 4: Generate Report

Output Format

Constraints