원클릭으로
secure-code-review
Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
C4 architecture model, security architecture, Mermaid diagrams, SECURITY_ARCHITECTURE.md, and comprehensive documentation per Hack23 Secure Development Policy
AI-augmented development controls, GitHub Copilot governance, LLM security, AI-generated code review per Hack23 Secure Development Policy
EU AI Act compliance, OWASP LLM security, responsible AI practices for parliamentary data and MCP server applications
Enforce code quality with ESLint, TypeScript strict mode, Knip unused detection, and quality gates for MCP servers
ISO 27001, NIST CSF 2.0, CIS Controls v8.1, EU CRA compliance mapping, multi-standard alignment per Hack23 ISMS policies
Contribution process with PR workflow, code review standards, commit conventions, and open source best practices
| name | secure-code-review |
| description | Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP |
| license | Apache-2.0 |
Conduct thorough security code reviews for TypeScript MCP server code, identifying vulnerabilities before production.
// ✅ SECURE: Zod schema validation
import { z } from 'zod';
const InputSchema = z.object({
id: z.number().int().positive(),
name: z.string().min(1).max(255),
country: z.string().length(2)
});
// ❌ INSECURE: No validation
function getUser(id: any) { return db.query(`SELECT * FROM users WHERE id = ${id}`); }
npm audit --audit-level=high
npx knip # Find unused dependencies
npm run test:licenses # Check license compliance
// ✅ SECURE: Generic error messages
catch (error) {
logger.error('Internal error details', { error });
return { error: 'An unexpected error occurred' };
}
// ❌ INSECURE: Leaking internals
catch (error) {
return { error: error.stack }; // Never expose stack traces
}
Core SDLC policies (authoritative — always cite the applicable ones in review comments):
Supporting policies (cite when applicable):