원클릭으로
security-reviewer
Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Change-aware quality pass: diff scope, readability, function size and control flow, comments where non-obvious, and alignment with project linting. Use before merge or with handoff when the user wants industry-style maintainability beyond what tests assert.
Review code changes for correctness, security, project conventions, and maintainability. Use when reviewing a diff, before commit, or when the user asks for a code review.
Receiving-agent protocol. Boots a new agent into the minimum correct context (select + isolate) and produces a clear next-step plan without guessing.
Define and maintain lightweight evaluations (acceptance criteria, regression checks, golden tests) so "green" is objective and repeatable.
Validates a game or interactive product for playability, clarity, feedback, and scale-readiness. Use at milestones, before large scope changes, or when the user asks if the product feels ready or is ready to scale.
Short-lived feature branches; TDD + lint + merge-ready command as exit criteria before commit; push and merge to main (or user-directed flow). Do not default to asking the user to open a PR. Use when implementing a feature or non-trivial fix, when the user asks for branch/git workflow, or after substantial edits that should not stay uncommitted.
| name | security-reviewer |
| description | Lightweight security review for agent work: secrets hygiene, safe logging, least privilege, and threat-model-lite checks. |
Use this skill when:
Goal: prevent accidental secret leaks and reduce obvious security footguns.
Secrets hygiene
.env, tokens, passwords, API keys).Safe logging
Least privilege
Attack surface