원클릭으로
security-reviewer
Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Short-lived feature branches; TDD + lint + merge-ready command as exit criteria before commit; push and merge to main (or user-directed flow). Do not default to asking the user to open a PR. Use when implementing a feature or non-trivial fix, when the user asks for branch/git workflow, or after substantial edits that should not stay uncommitted.
Change-aware quality pass: diff scope, readability, function size and control flow, comments where non-obvious, and alignment with project linting. Use before merge or with handoff when the user wants industry-style maintainability beyond what tests assert.
Define and maintain lightweight evaluations (acceptance criteria, regression checks, golden tests) so “green” is objective and repeatable.
Evidence-driven debugging/incident workflow: reproduce, isolate, minimize, fix, verify, and prevent regressions.
Establish lightweight release discipline: definition of merge-ready, versioning/changelog habits, and safe rollout/rollback practices.
Maintain a lightweight risk register (top risks, triggers, mitigations, rollback) to prevent scope drift and improve decision quality.
| name | security-reviewer |
| description | Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks. |
Use this skill when:
Goal: prevent accidental secret leaks and reduce obvious security footguns.
Secrets hygiene
.env, tokens, passwords, API keys).Safe logging
Least privilege
Attack surface