ワンクリックで
secure-code-review
Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | secure-code-review |
| description | Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP |
| license | Apache-2.0 |
Conduct thorough security code reviews for TypeScript MCP server code, identifying vulnerabilities before production.
// ✅ SECURE: Zod schema validation
import { z } from 'zod';
const InputSchema = z.object({
id: z.number().int().positive(),
name: z.string().min(1).max(255),
country: z.string().length(2)
});
// ❌ INSECURE: No validation
function getUser(id: any) { return db.query(`SELECT * FROM users WHERE id = ${id}`); }
npm audit --audit-level=high
npx knip # Find unused dependencies
npm run test:licenses # Check license compliance
// ✅ SECURE: Generic error messages
catch (error) {
logger.error('Internal error details', { error });
return { error: 'An unexpected error occurred' };
}
// ❌ INSECURE: Leaking internals
catch (error) {
return { error: error.stack }; // Never expose stack traces
}
Core SDLC policies (authoritative — always cite the applicable ones in review comments):
Supporting policies (cite when applicable):
C4 architecture model, security architecture, Mermaid diagrams, SECURITY_ARCHITECTURE.md, and comprehensive documentation per Hack23 Secure Development Policy
AI-augmented development controls, GitHub Copilot governance, LLM security, AI-generated code review per Hack23 Secure Development Policy
EU AI Act compliance, OWASP LLM security, responsible AI practices for parliamentary data and MCP server applications
Enforce code quality with ESLint, TypeScript strict mode, Knip unused detection, and quality gates for MCP servers
ISO 27001, NIST CSF 2.0, CIS Controls v8.1, EU CRA compliance mapping, multi-standard alignment per Hack23 ISMS policies
Contribution process with PR workflow, code review standards, commit conventions, and open source best practices