security-audit
Use this skill for security reviews of VoxBento code. Covers OWASP Top 10 and VoxBento-specific threat model.
| name | security-audit |
| description | Use this skill for security reviews of VoxBento code. Covers OWASP Top 10 and VoxBento-specific threat model. |
Use this skill for security reviews of VoxBento code. Covers OWASP Top 10 and VoxBento-specific threat model.
| Actor | Capability | Risk |
|---|---|---|
| Anonymous user | Reaches public routes (/, /register, /login, /healthz, /ws/captions/*) | Low |
| Authenticated user | Joins events they are assigned to | Low |
| Malicious invite token holder | Uses token for different booth | Mitigated by WS scope check |
| Rogue interpreter | Tries to go live without being active | Mitigated by _resolve_whip_url |
| Admin with access | Full event/user management | Inherently trusted |
| Network attacker | MITM on HTTP connections | Use HTTPS/TLS in production |
- `Depends(require_admin)`.
- `require_admin` checks `user_token` (`is_admin` or `event_admin`) then `admin_token`.
- `check_publish_permission` in `BoothRegistry`).
- `booth:set-active`: only coordinator or current active can reassign.
- `session_token.event_slug` + `language_code` must match `booth_id`.
- `session.granted_role` used — never `data['role']`.
- `granted_role = None` → 403 (not just redirect).
- `JWT_SECRET` / `SECRET_KEY` are not default values in production.
- `API_KEY_ENCRYPTION_KEY` is not `"change-this-encryption-key-in-production"` (raises `RuntimeError` if default).
- `admin_password` / `jwt_secret` not logged.
- `validate_event_slug`, `validate_language_code`).
- `debug: bool = True` in default settings — must be `False` in production.
- `BOOTH_ACCESS_TOKEN` unset = no token guard on API; set it in production if API is public.
- `ADMIN_PASSWORD` must be set; empty string disables admin login (see `portal/routers/auth.py`).
- `database_url` default is SQLite — use PostgreSQL in production.
- `SECRET_KEY: str = 'change-me'` — must be overridden.
- `/login` or `/register` (see TD-08 in `TECHNICAL_DEBT_REPORT.md`).
- `user.is_active` checked on login — deactivated users cannot log in.
- `jwt_expiry_seconds` default 86400 = 24h).
- `httponly=True`, `samesite='lax'` on all auth cookies.
- `secure=True` on cookies in code — must be added for HTTPS deployments or handled by reverse proxy.
- `_check_mediamtx()` and `_ensure_mediamtx_path()` use `settings.mediamtx_api_base` — hardcoded from config, not user input.
- `_make_jitsi_url(base_url, room)` — `base_url` is from settings; `room` is from DB (admin-entered, not end-user).

All redirects in `portal/routers/` must use `safe_redirect(url)`:
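```python
from urllib.parse import urlparse
from fastapi.responses import RedirectResponse

def safe_redirect(url: str, status_code: int) -> RedirectResponse:
    # Strip backslashes and surrounding whitespace before parsing.
    url = url.replace('\\', '').strip()
    parsed = urlparse(url)
    # Accept only same-site paths: no scheme, no host, leading '/'.
    if url and not parsed.netloc and not parsed.scheme and url.startswith('/'):
        return RedirectResponse(url=url, status_code=status_code)
    return RedirectResponse(url='/', status_code=status_code)
```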
Check `next_url` / `next` parameter usage:

```bash
grep -rn "next_url\|next=" portal/routers/
```

Ensure all uses pass through `safe_redirect`.

| Cookie | httponly | samesite | secure |
|---|---|---|---|
| session_token | ✓ | lax | ✗ (set by reverse proxy TLS) |
| user_token | ✓ | lax | ✗ |
| admin_token | ✓ | lax | ✗ |

Production hardening: ensure TLS termination at Caddy/nginx level; add Strict-Transport-Security header.
VoxBento does not directly pass user input to LLM APIs. Transcription providers receive audio (PCM bytes), not text, from the server. There is no LLM chain in the current implementation.
```bash
# Check for raw redirects (should be none)
grep -rn "RedirectResponse(url=" portal/routers/ | grep -v safe_redirect
# Check for debug=True in production settings
grep -n "debug" portal/config.py
# Check JWT secret default
grep -n "change-me\|secret_key" portal/config.py
# Check no inline scripts in templates
grep -rn "<script>" templates/
```
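
The raw-redirect grep above matches only single-line `RedirectResponse(url=` calls. As an added example (not VoxBento code), this AST walk also flags positional and multi-line calls made outside `safe_redirect`; the sample source and the `ALLOWED_FUNCS` name are constructed for illustration.

```python
import ast

# Constructed sample router source (not VoxBento code).
SAMPLE = '''\
def safe_redirect(url, status_code):
    return RedirectResponse(url="/", status_code=status_code)

def login(next_url):
    return RedirectResponse(next_url, 303)

def logout():
    return RedirectResponse(
        url="/login", status_code=303)

def register(next_url):
    return safe_redirect(next_url, 303)
'''

ALLOWED_FUNCS = {"safe_redirect"}  # assumption: the only function allowed to build a raw redirect


def _call_name(node: ast.Call) -> str:
    """Name called by `f(...)` or `mod.f(...)`, else ''."""
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else ""


def find_raw_redirects(source: str, filename: str = "<sample>") -> list[tuple[str, int, str]]:
    """Return (file, line, enclosing function) for RedirectResponse calls outside ALLOWED_FUNCS."""
    findings = []

    def visit(node, enclosing):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            enclosing = node.name
        if isinstance(node, ast.Call) and _call_name(node) == "RedirectResponse":
            if enclosing not in ALLOWED_FUNCS:
                findings.append((filename, node.lineno, enclosing))
        for child in ast.iter_child_nodes(node):
            visit(child, enclosing)

    visit(ast.parse(source, filename), "<module>")
    return findings


if __name__ == "__main__":
    for path, line, func in find_raw_redirects(SAMPLE):
        print(f"{path}:{line}: raw RedirectResponse in {func}()")
```

To audit a real tree, call `find_raw_redirects` on the text of each `.py` file under `portal/routers/` and treat any finding as a review item.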