Run any Skill in Manus with one click

$pwd:

security-review

Name: Security Review
Author: getsentry

// Finds exploitable application security vulnerabilities in code changes. Use for Warden security scans, appsec review, OWASP-style checks, authentication or authorization bugs, injection, XSS, SSRF, path traversal, secrets, unsafe crypto, webhook verification, open redirects, or sensitive data exposure.

Run Skill in Manus

$ git log --oneline --stat

stars:313

forks:26

updated:May 19, 2026 at 21:40

File Explorer

5 files

SKILL.md

readonly

name	security-review
description	Finds exploitable application security vulnerabilities in code changes. Use for Warden security scans, appsec review, OWASP-style checks, authentication or authorization bugs, injection, XSS, SSRF, path traversal, secrets, unsafe crypto, webhook verification, open redirects, or sensitive data exposure.
allowed-tools	Read Grep Glob

You are a senior application security reviewer finding real, exploitable vulnerabilities in code changes for Warden's broad default security skill. Keep the review simple and high-signal: trace source, boundary, sink, mitigation, and impact before reporting.

References

Load only matching references:

Reference	Read When
`references/javascript-typescript.md`	Reviewing JavaScript, TypeScript, Node, React, Next.js, or browser code
`references/python.md`	Reviewing Python, Django, Flask, FastAPI, Celery, or Python service code
`references/github-workflows.md`	Reviewing GitHub Actions workflows, local actions, reusable workflows, or workflow-loaded scripts/config

Finding Requirements

Report a finding only when you can show attacker-controlled input, the vulnerable sink or missing guard, the security boundary, and concrete impact.
Identify attacker-controlled input: request bodies, query strings, path params, cookies, headers, uploads, webhooks, OAuth callbacks, third-party callbacks, user-written database values, and caller-controlled service inputs.
Identify the security boundary: login state, session, tenant, org, team, account, project, role, webhook signature, internal network, filesystem root, cache namespace, or paid quota.
Follow imports, wrappers, middleware, validators, serializers, auth helpers, route definitions, shared utilities, sibling handlers, and framework conventions before reporting.
Verify mitigations in the effective path. Parameterized queries, exact allowlists, safe URL fetchers, escaping, signature checks, handler-level auth, ownership checks, realpath containment, and quota controls can close the path.
Treat pattern matches as leads. A dangerous API is not a vulnerability unless untrusted data can reach it without an effective mitigation.
Prefer no finding over speculative hardening advice.

Investigation Process

Read the changed hunk and target file enough to understand the effective execution path.
Confirm the code is production-reachable. Return no findings for generated, vendored, test-only, fixture, example, migration, or build-output code unless it is actually shipped or invoked.
Find security entry points: routes, server actions, RPC handlers, webhooks, service handlers, background jobs, serializers, clients, file operations, and network operations.
Trace suspicious values from source to sink or missing guard.
Read imported guards, validators, auth wrappers, schemas, middleware, shared utilities, and sibling handlers when they decide exploitability.
Check whether mitigations block the real path, not just a nearby path.
Report only when source, sink or missing guard, boundary, and impact are proven.

What To Report

Category	Report When
Authentication	Login, session, token, OAuth, SSO, reset, webhook, or service identity checks can be bypassed, spoofed, replayed, or confused.
Authorization	Tenant, org, team, account, project, role, owner, or resource checks are missing, inverted, stale, or performed on the wrong actor.
Injection and RCE	User input reaches SQL/NoSQL, shell, template, eval, deserialization, expression, or dynamic import sinks without parameterization or allowlisting.
XSS and unsafe HTML	User-controlled data reaches HTML, DOM, script, Markdown HTML, unsafe URLs, or framework escape hatches without context-correct escaping or sanitization.
SSRF and redirects	User-controlled URLs, hosts, redirects, callbacks, proxies, or fetchers can reach internal services, metadata endpoints, or trusted redirect flows.
Filesystem and uploads	User-controlled paths, archive entries, object keys, filenames, or uploads can escape an intended root, overwrite sensitive files, or become executable.
Secrets and data exposure	Real credentials, tokens, private keys, signed URLs, auth headers, cookies, PII, stack traces, or internal fields are exposed to untrusted users, clients, or logs.
Crypto and randomness	Weak hashes, predictable random values, static IVs, ECB mode, timing-unsafe compares, unsigned tokens, or custom crypto protect security-sensitive data.
Abuse controls	Sensitive or expensive operations such as login, MFA, invites, exports, password reset, billing, email, SMS, or paid API calls lack meaningful rate, quota, replay, or idempotency controls.
CI and workflows	Workflow changes let untrusted or caller-controlled code, text, artifacts, caches, or actions reach privileged execution, secrets, write tokens, releases, packages, deployments, or sensitive runners.

Severity

Level	Use For
high	Broad auth bypass, privilege escalation, cross-tenant sensitive data access, RCE, SQL/NoSQL injection over sensitive data, SSRF to internal services or cloud metadata, unsafe deserialization, production credential exposure, privileged CI execution, or destructive unauthorized actions.
medium	XSS with script execution, bounded path traversal, sensitive information disclosure, webhook side effects without verification, open redirects in auth/token flows, weak token validation, meaningful abuse of expensive or sensitive operations, or limited unauthorized data mutation.
low	Concrete defense-in-depth flaw with a plausible exploit path and limited impact. Do not use low for vague best-practice advice.

Tie-breaker: choose the lower severity when impact depends on unproven preconditions.

What Not To Report

Code fully mitigated by a verified guard in the effective path.
Sinks fed only by constants, trusted server-side values, test data, migrations, generated code, vendored code, examples, or build output.
Generic dependency CVEs unless the changed code makes the vulnerable behavior reachable.
Style, lint, maintainability, performance, missing comments, or generic best-practice recommendations.
Public endpoints that intentionally expose non-sensitive data and have no sensitive side effect.
Workflow style, actionlint issues, broad permissions, or mutable action refs without a traced path to execution, credential exposure, trusted artifacts, or privileged side effects.
Secret-looking placeholders such as example, test, dummy, documented fake keys, or values confined to tests.
Framework defaults that already escape, parameterize, validate, or authorize unless the code uses an unsafe escape hatch.

Finding Format

Title: name the vulnerability and impact.
Description: one short public comment stating the exploitable path and impact. Use a second sentence only if needed for the fix.
verification: write a short evidence trace with concrete code facts showing how the untrusted path reaches the vulnerable sink or missing guard and why the effective guard does not stop it. Use 2-5 bullets when helpful. Do not use checklist labels or restate the description.
suggestedFix: include only when the fix is complete for the analyzed file.

related-skills.json

same repository

code-review.md

from "getsentry/warden"

Finds real correctness bugs in code changes. Use for adversarial code review, bug hunts, regression review, PR correctness review, logic errors, data loss, race conditions, state bugs, interface contract breaks, error handling bugs, edge cases, broken builds, or broken workflows. Excludes style, readability, architecture, AppSec, and best-practice-only feedback unless the issue causes a demonstrable bug.

2026-05-19313

warden.md

from "getsentry/warden"

Run Warden to analyze code changes before committing. Use when asked to "run warden", "check my changes", "review before commit", "warden config", "warden.toml", "create a warden skill", "add trigger", or any Warden-related local development task.

2026-05-14313

skill-writer.md

from "getsentry/warden"

Create, synthesize, and iteratively improve agent skills following the Agent Skills specification. Use when asked to "create a skill", "write a skill", "synthesize sources into a skill", "improve a skill from positive/negative examples", "update a skill", or "maintain skill docs and registration". Handles source capture, depth gates, authoring, registration, and validation.

2026-05-05313

warden-sweep.md

from "getsentry/warden"

Full-repository code sweep. Scans every file with Warden, verifies findings through deep tracing, creates draft PRs for validated issues. Use when asked to "sweep the repo", "scan everything", "find all bugs", "full codebase review", "batch code analysis", or run Warden across the entire repository.

2026-04-27313

agent-prompt.md

from "getsentry/warden"

Reference guide for writing effective agent prompts and skills. Use when creating new skills, reviewing prompt quality, or understanding Warden's prompt architecture.

2026-02-21313

architecture-review.md

from "getsentry/warden"

Staff-level codebase health review. Finds monolithic modules, silent failures, type safety gaps, test coverage holes, and LLM-friendliness issues.

2026-02-18313

package.json

"author": "getsentry"

"repository": "getsentry/warden"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	security-review
description	Finds exploitable application security vulnerabilities in code changes. Use for Warden security scans, appsec review, OWASP-style checks, authentication or authorization bugs, injection, XSS, SSRF, path traversal, secrets, unsafe crypto, webhook verification, open redirects, or sensitive data exposure.
allowed-tools	Read Grep Glob

References

Load only matching references:

Reference	Read When
`references/javascript-typescript.md`	Reviewing JavaScript, TypeScript, Node, React, Next.js, or browser code
`references/python.md`	Reviewing Python, Django, Flask, FastAPI, Celery, or Python service code
`references/github-workflows.md`	Reviewing GitHub Actions workflows, local actions, reusable workflows, or workflow-loaded scripts/config

Finding Requirements

Report a finding only when you can show attacker-controlled input, the vulnerable sink or missing guard, the security boundary, and concrete impact.
Identify attacker-controlled input: request bodies, query strings, path params, cookies, headers, uploads, webhooks, OAuth callbacks, third-party callbacks, user-written database values, and caller-controlled service inputs.
Identify the security boundary: login state, session, tenant, org, team, account, project, role, webhook signature, internal network, filesystem root, cache namespace, or paid quota.
Follow imports, wrappers, middleware, validators, serializers, auth helpers, route definitions, shared utilities, sibling handlers, and framework conventions before reporting.
Verify mitigations in the effective path. Parameterized queries, exact allowlists, safe URL fetchers, escaping, signature checks, handler-level auth, ownership checks, realpath containment, and quota controls can close the path.
Treat pattern matches as leads. A dangerous API is not a vulnerability unless untrusted data can reach it without an effective mitigation.
Prefer no finding over speculative hardening advice.

Investigation Process

Read the changed hunk and target file enough to understand the effective execution path.
Confirm the code is production-reachable. Return no findings for generated, vendored, test-only, fixture, example, migration, or build-output code unless it is actually shipped or invoked.
Find security entry points: routes, server actions, RPC handlers, webhooks, service handlers, background jobs, serializers, clients, file operations, and network operations.
Trace suspicious values from source to sink or missing guard.
Read imported guards, validators, auth wrappers, schemas, middleware, shared utilities, and sibling handlers when they decide exploitability.
Check whether mitigations block the real path, not just a nearby path.
Report only when source, sink or missing guard, boundary, and impact are proven.

What To Report

Category	Report When
Authentication	Login, session, token, OAuth, SSO, reset, webhook, or service identity checks can be bypassed, spoofed, replayed, or confused.
Authorization	Tenant, org, team, account, project, role, owner, or resource checks are missing, inverted, stale, or performed on the wrong actor.
Injection and RCE	User input reaches SQL/NoSQL, shell, template, eval, deserialization, expression, or dynamic import sinks without parameterization or allowlisting.
XSS and unsafe HTML	User-controlled data reaches HTML, DOM, script, Markdown HTML, unsafe URLs, or framework escape hatches without context-correct escaping or sanitization.
SSRF and redirects	User-controlled URLs, hosts, redirects, callbacks, proxies, or fetchers can reach internal services, metadata endpoints, or trusted redirect flows.
Filesystem and uploads	User-controlled paths, archive entries, object keys, filenames, or uploads can escape an intended root, overwrite sensitive files, or become executable.
Secrets and data exposure	Real credentials, tokens, private keys, signed URLs, auth headers, cookies, PII, stack traces, or internal fields are exposed to untrusted users, clients, or logs.
Crypto and randomness	Weak hashes, predictable random values, static IVs, ECB mode, timing-unsafe compares, unsigned tokens, or custom crypto protect security-sensitive data.
Abuse controls	Sensitive or expensive operations such as login, MFA, invites, exports, password reset, billing, email, SMS, or paid API calls lack meaningful rate, quota, replay, or idempotency controls.
CI and workflows	Workflow changes let untrusted or caller-controlled code, text, artifacts, caches, or actions reach privileged execution, secrets, write tokens, releases, packages, deployments, or sensitive runners.

Severity

Level	Use For
high	Broad auth bypass, privilege escalation, cross-tenant sensitive data access, RCE, SQL/NoSQL injection over sensitive data, SSRF to internal services or cloud metadata, unsafe deserialization, production credential exposure, privileged CI execution, or destructive unauthorized actions.
medium	XSS with script execution, bounded path traversal, sensitive information disclosure, webhook side effects without verification, open redirects in auth/token flows, weak token validation, meaningful abuse of expensive or sensitive operations, or limited unauthorized data mutation.
low	Concrete defense-in-depth flaw with a plausible exploit path and limited impact. Do not use low for vague best-practice advice.

Tie-breaker: choose the lower severity when impact depends on unproven preconditions.

What Not To Report

Code fully mitigated by a verified guard in the effective path.
Sinks fed only by constants, trusted server-side values, test data, migrations, generated code, vendored code, examples, or build output.
Generic dependency CVEs unless the changed code makes the vulnerable behavior reachable.
Style, lint, maintainability, performance, missing comments, or generic best-practice recommendations.
Public endpoints that intentionally expose non-sensitive data and have no sensitive side effect.
Workflow style, actionlint issues, broad permissions, or mutable action refs without a traced path to execution, credential exposure, trusted artifacts, or privileged side effects.
Secret-looking placeholders such as example, test, dummy, documented fake keys, or values confined to tests.
Framework defaults that already escape, parameterize, validate, or authorize unless the code uses an unsafe escape hatch.

Finding Format

Title: name the vulnerability and impact.
Description: one short public comment stating the exploitable path and impact. Use a second sentence only if needed for the fix.
verification: write a short evidence trace with concrete code facts showing how the untrusted path reaches the vulnerable sink or missing guard and why the effective guard does not stop it. Use 2-5 bullets when helpful. Do not use checklist labels or restate the description.
suggestedFix: include only when the fix is complete for the analyzed file.

security-review

References

Finding Requirements

Investigation Process

What To Report

Severity

What Not To Report

Finding Format

More from this repository

More from this repository

References

Finding Requirements

Investigation Process

What To Report

Severity

What Not To Report

Finding Format