ワンクリックで
security-review
Security-focused PR review for vulnerabilities and best practices. Invokes the Security Reviewer agent (Shield).
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Security-focused PR review for vulnerabilities and best practices. Invokes the Security Reviewer agent (Shield).
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | security-review |
| description | Security-focused PR review for vulnerabilities and best practices. Invokes the Security Reviewer agent (Shield). |
| disable-model-invocation | true |
| argument-hint | <pr-number> [repo] |
| allowed-tools | Bash, Read, Grep, Glob |
Review a pull request specifically for security vulnerabilities and best practices.
This skill performs semantic code navigation — finding definitions, walking references, tracing handlers across modules. With LSP enabled (ENABLE_LSP_TOOL=1 + per-language plugin per docs/getting-started.md), queries are ~3-15× cheaper in token cost than grep + Read. Without LSP, the skill falls back to grep + Read transparently — no new failure mode, just optional speed.
Per-language LSP plugins live in Claude Code's marketplace. Install once; the skill detects the active language and dispatches automatically.
When /security-review runs:
.claude/agents/security-reviewer.md — runs the automated security checklist./security-review is explicitly invoked.See .claude/rules/role-triggers.md for the full activation protocol.
/security-review 42
/security-review 42 your-org/your-repo
Invoke for PRs that touch:
Before spawning the Security Reviewer agent, write the active-reviewer session marker so warn-review-marker-write.sh lets a *-security.approved write through the blocking marker gate (same mechanism as /code-review's rex marker). At skill entry:
ops_root=$(git rev-parse --show-toplevel)
r="$ops_root"
while [ -n "$r" ] && [ "$r" != "/" ]; do
[ -f "$r/.apexyard-fork" ] && { ops_root="$r"; break; }
[ -f "$r/onboarding.yaml" ] && [ -f "$r/apexyard.projects.yaml" ] && { ops_root="$r"; break; }
r=$(dirname "$r")
done
mkdir -p "$ops_root/.claude/session"
printf '%s\n' "<owner/repo>#<pr>:security" > "$ops_root/.claude/session/active-reviewer"
On skill exit (after the review is posted), clear the marker:
rm -f "$ops_root/.claude/session/active-reviewer"
Without this marker, a build-class sub-agent attempting the same write is correctly blocked — see .claude/hooks/warn-review-marker-write.sh and .claude/rules/pr-workflow.md § "Build agents cannot self-review".
dangerouslySetInnerHTMLeval() with user input| Level | Action |
|---|---|
| CRITICAL | Block PR immediately |
| HIGH | Block PR, require fix |
| MEDIUM | Warn, recommend fix |
| LOW | Informational |
Posts a GitHub review with:
Invokes: Security Reviewer Agent (Shield)
After the Security Reviewer agent posts the review — through the tracker-agnostic tracker_review_submit (gh PR / glab MR / custom host — #763), not a hardcoded gh pr review — persist a structured artefact via the shared audit-history lib so the security-review trend across PRs becomes legible. See docs/agdr/AgDR-0019-audit-artefact-persistence.md for the schema rationale.
<project-name> is the project's registered name in apexyard.projects.yaml, derived from the PR's repo. If the project isn't registered, use the basename of the repo and tell the operator to /handover it for cross-machine trend continuity.
Compute a single headline score from the severity distribution of the findings in the review:
score = max(0, 100 - 25*critical - 10*high - 3*medium - 1*low)
Compute the verdict by the worst-severity rule:
| Worst severity present | Verdict |
|---|---|
| critical or high | fail |
| medium only | conditional |
| low only / none | pass |
source "$(git rev-parse --show-toplevel)/.claude/hooks/_lib-audit-history.sh"
# Lowercase severity in the payload — the lib's stats derivation expects
# critical / high / medium / low / info. The visible review on the PR
# can use whatever capitalisation reads best.
payload=$(mktemp); cat > "$payload" <<'EOF'
{
"schema_version": 1,
"findings": [
{"id": "F1", "severity": "critical", "status": "open", "summary": "Unsanitised user input in SQL"},
{"id": "F2", "severity": "high", "status": "open", "summary": "JWT signature not verified"}
]
}
EOF
# Body: a markdown summary of the security review for this PR, formatted
# per templates/audits/security-review.md. Include the diff scope, findings
# table, dependency vulnerabilities, secrets-scan results, and recommendations.
body=$(mktemp); cat > "$body" <<'EOF'
## Scope
PR <number>; reviewed `<branch>..main` (X files, Y +/- lines).
## Findings
| # | Severity | OWASP class | Finding | File:Line | Status |
|---|---|---|---|---|---|
| F1 | critical | A03 Injection | Unsanitised user input concatenated into SQL | `src/users.ts:42` | open |
| F2 | high | A07 Auth failure | JWT signature not verified | `src/auth.ts:18` | open |
## Dependency vulnerabilities
(... output of `npm audit` or `pip audit` for critical+high ...)
## Secrets scan
(... checks per templates/audits/security-review.md ...)
## Recommendations
1. F1 — fix injection vector before merge
2. F2 — verify JWT signatures
EOF
ts=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
audit_run_persist "<project-name>" "security-review" "$ts" "fail" 50 "$body" < "$payload"
rm -f "$payload" "$body"
audit_render_trend "<project-name>" "security-review" 5
score over time) to stdout. Append it to this run's MD artefact so the PR-by-PR security trend is visible.By default the dimension's runs/ JSON files are gitignored. The lib applies a .gitignore based on the presence of the marker:
# Opt in to commit security-review history for this project
touch projects/<name>/audits/security-review/.audit-history-tracked
The MD artefacts at <dim_dir>/<ts>.md are committed regardless — they are the durable human-readable artefact of every PR's security review.
Part of ApexYard — multi-project SDLC framework for Claude Code · MIT.
Review a PR for quality, security, and standards compliance. Invokes the Code Reviewer agent (Rex).
Review a technical design / migration AgDR / feature spec for architectural soundness BEFORE the Build phase. Invokes the Solution Architect agent (Tariq) — the non-code analog of /code-review.
Score a review agent (Rex/Hakim/Tariq) against a labeled PR corpus — ground-truth defect-set overlap, never a prose rubric. Headline metric is approve-precision.
Record per-PR design-review approval (UI merge gate). ONLY on an explicit per-PR designer "approved".
Record per-PR CEO approval and merge in one turn. ONLY on an explicit per-PR "approved" — never on umbrella "go".
Generate C4 L1 (Context) + L2 (Container) Mermaid diagrams from a project's codebase. Structurizr DSL escape hatch (--dsl) for L3+ component precision.