원클릭으로
security-review
Security scanning and vulnerability assessment — standardized code security review playbook
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Security scanning and vulnerability assessment — standardized code security review playbook
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Continuously improves the project by checking docs (web, Context7, opencode), using LSPs for code context, monitoring skills/plugins/scripts, and adapting best practices.
Continuity management — preserves context, maintains thermal maps, and serializes states across sessions
Read diffs carefully, identify risks, and produce review feedback that is specific and actionable.
Write accurate docs, keep references current, and capture verified behavior only.
Branching, rebasing, commit hygiene, and review-friendly history for agency delivery.
Use the language server for precise navigation, symbol lookup, refactoring, and diagnostics.
| name | security-review |
| description | Security scanning and vulnerability assessment — standardized code security review playbook |
| license | MIT |
| compatibility | opencode |
| metadata | {"audience":"developers","workflow":"security"} |
This skill provides a standardized, context-efficient playbook for the Build or Architect agents to perform code security reviews before pushing to the repository. It focuses on identifying vulnerabilities in Systems Code, Backend PHP Framework, and Modern JS Framework specific to the project's Phase constraints.
/security-review.git commit or merging a Phase branch.git MCP to identify all modified files in the current working tree.innerHTML) and improper state mutations.assets/report-template.md.assets/report-template.md to format your findings. This ensures consistent, machine-readable outputs that the Documentarian can log into the Knowledge Graph.Do not output raw code fixes in the initial report unless explicitly requested. Provide the vulnerability path and the conceptual fix. Wait for the user to authorize the Build agent to apply the fixes.