Run any Skill in Manus with one click

security-review-gate

Use when implementation is complete or review is requested and the user may want a focused security review of the changed code

Run Skill in Manus

Overview

Use when implementation is complete or review is requested and the user may want a focused security review of the changed code

Install command

npx skills add https://github.com/alicankiraz1/Codex-Sentinel --skill security-review-gate

Copy and paste this command into Claude Code to install the skill

Source

alicankiraz1/Codex-Sentinel

Stars79

Forks6

UpdatedMarch 22, 2026 at 09:55

File Explorer

3 files

SKILL.md

readonly

name	security-review-gate
description	Use when implementation is complete or review is requested and the user may want a focused security review of the changed code

Security Review Gate

Overview

Run an advisory-only security review after implementation. This skill reports findings but does not block progress by default.

When to Use

the user says the code is done or ready for review
a feature was just implemented and needs a security pass
a delivery or release checkpoint is approaching and source-level review would help

Workflow

Ask once whether the user wants a focused security review, following ../codex-sentinel/references/interaction-model.md for language behavior when available.
If the user declines, stop and do not repeat the same offer in the same stage.
If the user accepts, treat that acceptance as consent for read-only active analysis within the current review scope and load references/review-categories.md.
If git and shell access are available, inspect changed code within the current repo-local scope using ../codex-sentinel/references/active-analysis.md. If git-backed active analysis is unavailable but shell reads still work, you may inspect files already visible in context or explicitly named by the user as a limited current-source fallback. If shell access is unavailable, stay description-based and note the fallback in assumptions.
Load ../shared/common-web-threats.md, ../shared/finding-schema.md, and a stack profile when relevant.
Report findings using the required fields from ../shared/finding-schema.md. Include evidence_source whenever code, diff, heuristic, or description evidence materially affected the conclusion.
End with a closing coverage note using the shared headings: Reviewed / Not reviewed / Assumptions / Tools run.

Guardrails

Do not block the user's progress automatically.
Do not call heuristic review output a scan result unless a real tool was run.
Do not equate no findings with security completeness.
Do not describe limited current-source fallback as diff-grounded active analysis.
Do not inspect code outside the accepted review scope just because it shares security-related keywords.
Do not hardcode a fixed English ask prompt in this skill.

More from this repository

same repository

codex-sentinel

alicankiraz1/Codex-Sentinel

Use when a repository wants stage-aware cybersecurity guidance during planning, risky implementation changes across authentication, authorization, tokens, secrets, middleware, outbound requests, file handling, CI, deployment, and other trust boundaries, post-implementation review, or pre-release hardening; do not trigger for doc-only, naming-only, formatting-only, or UI-only changes that do not affect a trust boundary

2026-03-2279

security-plan-gap

alicankiraz1/Codex-Sentinel

Use when defining plans, specs, or task breakdowns for web application work that may be missing security requirements

2026-03-2279

security-test-rig

alicankiraz1/Codex-Sentinel

Use when a feature or project is nearing handoff or release and the user may want a stack-aware security check plan without automatic setup

2026-03-2279

Source

alicankiraz1

alicankiraz1/Codex-Sentinel

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

Private Detectives and InvestigatorsL4

name	security-review-gate
description	Use when implementation is complete or review is requested and the user may want a focused security review of the changed code

Security Review Gate

Overview

Run an advisory-only security review after implementation. This skill reports findings but does not block progress by default.

When to Use

the user says the code is done or ready for review
a feature was just implemented and needs a security pass
a delivery or release checkpoint is approaching and source-level review would help

Workflow

Ask once whether the user wants a focused security review, following ../codex-sentinel/references/interaction-model.md for language behavior when available.
If the user declines, stop and do not repeat the same offer in the same stage.
If the user accepts, treat that acceptance as consent for read-only active analysis within the current review scope and load references/review-categories.md.
If git and shell access are available, inspect changed code within the current repo-local scope using ../codex-sentinel/references/active-analysis.md. If git-backed active analysis is unavailable but shell reads still work, you may inspect files already visible in context or explicitly named by the user as a limited current-source fallback. If shell access is unavailable, stay description-based and note the fallback in assumptions.
Load ../shared/common-web-threats.md, ../shared/finding-schema.md, and a stack profile when relevant.
Report findings using the required fields from ../shared/finding-schema.md. Include evidence_source whenever code, diff, heuristic, or description evidence materially affected the conclusion.
End with a closing coverage note using the shared headings: Reviewed / Not reviewed / Assumptions / Tools run.

Guardrails

Do not block the user's progress automatically.
Do not call heuristic review output a scan result unless a real tool was run.
Do not equate no findings with security completeness.
Do not describe limited current-source fallback as diff-grounded active analysis.
Do not inspect code outside the accepted review scope just because it shares security-related keywords.
Do not hardcode a fixed English ask prompt in this skill.