Execute qualquer Skill no Manus
com um clique

Execute qualquer Skill no Manus com um clique

$pwd:

security-review

Name: Security Review
Author: cosai-oasis

// Comprehensive security code review workflow for a target repository, producing a markdown report with findings and recommendations.

Executar no Manus

$ git log --oneline --stat

stars:203

forks:36

updated:30 de abril de 2026 às 15:18

Explorador de arquivos

2 arquivos

SKILL.md

readonly

name	security-review
description	Comprehensive security code review workflow for a target repository, producing a markdown report with findings and recommendations.
metadata	{"short-description":"Security code review report","framework":"Project CodeGuard","codeguard-source":"https://github.com/cosai-oasis/project-codeguard"}

Security Review

When to use

Use for a full codebase security review with prioritized findings, remediation guidance, and a formal report.

Inputs

Target repository path (first argument after invocation).
- Example: $security-review /path/to/repo
Security knowledge base source:
- Rules are sourced from Project CodeGuard, an open-source, model-agnostic security framework by CoSAI/OASIS.

If the repo path is missing or unclear, ask the user for it before proceeding.

Workflow

Load the security knowledge base from Project CodeGuard
- First read the Security_Code_Reviewer_Guidelines.md file bundled with this skill. Use its purpose and rule-loading strategy to guide the review.
- Load all core security rules from Project CodeGuard:
```
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/core
```
  These are mandatory foundational rules that must be loaded for every review.
- Load relevant OWASP rules for the detected tech stack from:
```
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/owasp
```
  Only load OWASP rules that match the target repository's technology stack.
Perform deep code analysis
- Review the repository line by line.
- Focus on: injection flaws, authn/authz, hardcoded secrets, crypto misuse, SSRF, path traversal, RCE vectors, XSS/CSRF, unsafe deserialization, insecure defaults/configuration, and supply chain issues.
Produce the report in markdown.

Report requirements

Executive Summary
- Total findings by severity (Critical/High/Medium/Low/Info)
- Top 5 most critical issues
- Overall security posture
Detailed Findings (for each issue)
- Title, Severity, Rule Reference(s), Location, Code Snippet
- Description, Impact, Remediation (with examples), References
Findings by Category
Recommendations
- Immediate actions, short-term (1-3 months), long-term improvements, tooling/process suggestions
Appendix
- Files reviewed, rules applied/coverage, methodology notes

Output

Save the report to:
- ./security_report/sec_review_<repo-name>_<YYYY-MM-DD_HH-mm-ss>.md
- Use the target repo folder name for <repo-name> and replace spaces with -.
- Write to the security_report folder in the current working directory.

related-skills.json

mesmo repositório

memory-safe-migration.md

from "cosai-oasis/project-codeguard"

Guide secure migration of code from memory-unsafe languages (C, C++, Assembly) to memory-safe languages (Rust, Go, Java, C#, Swift). Use when migrating or rewriting legacy C/C++ code, designing FFI boundaries between safe and unsafe code, writing new modules in existing C/C++ codebases, reviewing mixed-language projects, planning memory safety roadmaps, or when an AI agent is about to generate new C/C++ code that could be written in a memory-safe language instead. Also triggers on CISA/NSA memory safety compliance discussions.

2026-04-30203

codeguard-mcp-meta-skill.md

from "cosai-oasis/project-codeguard"

Instructs AI coding agents to invoke CodeGuard MCP Server security rules before writing or reviewing code.

2026-04-15203

software-security.md

from "cosai-oasis/project-codeguard"

A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.

2026-03-11203

package.json

"author": "cosai-oasis"

"repository": "cosai-oasis/project-codeguard"

Abrir repositório GitHub Ver repositórios do creator

$ install --global

$ download --local

Executar no Manus

$ useful --forSOC

Analistas de garantia de qualidade de software e testadoresInformática e Matemática15-1253L4

Security Review

When to use

Use for a full codebase security review with prioritized findings, remediation guidance, and a formal report.

Inputs

Target repository path (first argument after invocation).

Example: $security-review /path/to/repo

Security knowledge base source:

Rules are sourced from Project CodeGuard, an open-source, model-agnostic security framework by CoSAI/OASIS.

If the repo path is missing or unclear, ask the user for it before proceeding.

Workflow

Load the security knowledge base from Project CodeGuard

First read the Security_Code_Reviewer_Guidelines.md file bundled with this skill. Use its purpose and rule-loading strategy to guide the review.
Load all core security rules from Project CodeGuard:
```
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/core
```
These are mandatory foundational rules that must be loaded for every review.
Load relevant OWASP rules for the detected tech stack from:
```
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/owasp
```
Only load OWASP rules that match the target repository's technology stack.

Perform deep code analysis

Review the repository line by line.
Focus on: injection flaws, authn/authz, hardcoded secrets, crypto misuse, SSRF, path traversal, RCE vectors, XSS/CSRF, unsafe deserialization, insecure defaults/configuration, and supply chain issues.

Produce the report in markdown.

Report requirements

Executive Summary

Total findings by severity (Critical/High/Medium/Low/Info)
Top 5 most critical issues
Overall security posture

Detailed Findings (for each issue)

Title, Severity, Rule Reference(s), Location, Code Snippet
Description, Impact, Remediation (with examples), References

Findings by Category

Recommendations

Immediate actions, short-term (1-3 months), long-term improvements, tooling/process suggestions

Appendix

Files reviewed, rules applied/coverage, methodology notes

Output

Save the report to:

./security_report/sec_review_<repo-name>_<YYYY-MM-DD_HH-mm-ss>.md
Use the target repo folder name for <repo-name> and replace spaces with -.
Write to the security_report folder in the current working directory.

security-review

Security Review

When to use

Inputs

Workflow

Report requirements

Output

Mais deste repositório

Mais deste repositório

Security Review

When to use

Inputs

Workflow

Report requirements

Output