Run any Skill in Manus with one click

$pwd:

security-review

Name: Security Review
Author: ohdearquant

// Threat-model rubric for a focused security review of a code change. Use when reviewing auth / input validation / crypto / secrets / supply chain, or as the "security" dimension of a multi-perspective PR review. Pull this skill before starting so severity calibration and coverage stay consistent.

Run Skill in Manus

$ git log --oneline --stat

stars:398

forks:76

updated:May 23, 2026 at 23:40

File Explorer

2 files

SKILL.md

readonly

name	security-review
description	Threat-model rubric for a focused security review of a code change. Use when reviewing auth / input validation / crypto / secrets / supply chain, or as the "security" dimension of a multi-perspective PR review. Pull this skill before starting so severity calibration and coverage stay consistent.
allowed-tools	["Bash","Read","Glob","Grep"]

Security review procedure

A focused rubric for security review of a code change. Designed as the "security" specialist dimension of a multi-perspective PR review, but applies equally to a standalone audit.

Scope

Review ONLY your assigned diff (or module). Cross-module concerns go to the architecture specialist; correctness bugs without security impact go to correctness.

Checklist summary (10 sections)

Authentication & authorization — endpoint auth checks, session tokens, RBAC, fail-closed, multi-tenant
Input validation — type/range/length/encoding, parameterization, regex anchoring, structured data parsers
Data exposure — error messages, logs, response fields, timing/cache leaks
Crypto & secrets — hardcoded keys, safe defaults, weak primitives, random vs secrets, password hashing
Injection — SQL, shell, LDAP, template, HTML/XSS
File / path handling — path containment, zip-slip, temp files, symlinks
Supply chain — typosquatting, pinned versions, endpoint validation
Deserialization & parsers — pickle, yaml.load, eval, exec, XXE
Race conditions / TOCTOU — atomic file operations, lock scope
Denial of service — unbounded loops on user input, rate limiting

See threat-model.md for full per-section detail and CWE mapping.

Severity calibration

CRITICAL — exploitable now, no special conditions: auth bypass, RCE, full data exposure
HIGH — data exposure / auth gap requiring specific conditions
MEDIUM — mis-scoped tokens, weak validation, missing rate limit
LOW — defense-in-depth hardening
INFO — notes for future consideration

Rule of thumb: CRITICAL vs HIGH — user action required to exploit? No = CRITICAL, chained = HIGH. HIGH vs MEDIUM — exploitable at attacker's expected access level? Yes = HIGH, needs escalation = MEDIUM.

Output format

Severity	Location	Description	Suggested fix	Confidence	Runtime-context caveats
HIGH	`file.py:112`	Path not containment-checked	resolve() + relative_to(root)	High	Requires malicious planner output

Verdict at top: APPROVE | REQUEST CHANGES | REJECT. Cite file:line. Reference CWE where clear (CWE-22 path traversal, CWE-89 SQLi).

Ground rules

Don't invent requirements.
Flag runtime context you need but can't see.
Be honest about confidence.
Review against committed HEAD of the PR branch.

related-skills.json

same repository

debug.md

from "ohdearquant/lionagi"

Systematic debug workflow: research → orchestrate agents → escalate. Suggest when: stuck after 2-3 attempts, unfamiliar tooling, tempted to "try random things", or errors don't match documentation.

2026-05-23398

orchestrate.md

from "ohdearquant/lionagi"

Plan and execute multi-agent workflows using lionagi's CLI: li o flow (DAG pipelines), li o fanout (parallel workers), and li play (playbook invocations). Use when a task needs multiple agents working in parallel or staged phases.

2026-05-23398

playbook.md

from "ohdearquant/lionagi"

Author lionagi playbooks — reusable YAML workflow templates that define parametric agent tasks. Playbooks live at ~/.lionagi/playbooks/ and run via li play <name>. Use when: creating reusable workflows, parameterizing agent tasks, or setting up repeatable pipelines.

2026-05-23398

pr-review.md

from "ohdearquant/lionagi"

Multi-perspective PR review procedure. Plan a minimal DAG of specialists scoped to what the PR actually touches, synthesize with a critic, post ONE consolidated comment per verbosity tier. Pull before any structured PR review so the methodology stays consistent.

2026-05-23398

review.md

from "ohdearquant/lionagi"

General-purpose code review checklist. Use when reviewing any code change without a narrower specialization. Complements security-review, pr-review (multi-perspective), and the other review skills — pull this when you need the standard correctness/quality rubric without a specific angle.

2026-05-23398

show.md

from "ohdearquant/lionagi"

Orchestrate multi-play shows: decompose a complex goal into sequential plays (each a li play invocation), gate each output for quality, adapt the plan based on results, and merge work into an integration branch. Shows are first-class entities in Lion Studio with dedicated UI at /shows.

2026-05-23398

package.json

"author": "ohdearquant"

"repository": "ohdearquant/lionagi"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	security-review
description	Threat-model rubric for a focused security review of a code change. Use when reviewing auth / input validation / crypto / secrets / supply chain, or as the "security" dimension of a multi-perspective PR review. Pull this skill before starting so severity calibration and coverage stay consistent.
allowed-tools	["Bash","Read","Glob","Grep"]

Security review procedure

A focused rubric for security review of a code change. Designed as the "security" specialist dimension of a multi-perspective PR review, but applies equally to a standalone audit.

Scope

Review ONLY your assigned diff (or module). Cross-module concerns go to the architecture specialist; correctness bugs without security impact go to correctness.

Checklist summary (10 sections)

Authentication & authorization — endpoint auth checks, session tokens, RBAC, fail-closed, multi-tenant
Input validation — type/range/length/encoding, parameterization, regex anchoring, structured data parsers
Data exposure — error messages, logs, response fields, timing/cache leaks
Crypto & secrets — hardcoded keys, safe defaults, weak primitives, random vs secrets, password hashing
Injection — SQL, shell, LDAP, template, HTML/XSS
File / path handling — path containment, zip-slip, temp files, symlinks
Supply chain — typosquatting, pinned versions, endpoint validation
Deserialization & parsers — pickle, yaml.load, eval, exec, XXE
Race conditions / TOCTOU — atomic file operations, lock scope
Denial of service — unbounded loops on user input, rate limiting

See threat-model.md for full per-section detail and CWE mapping.

Severity calibration

CRITICAL — exploitable now, no special conditions: auth bypass, RCE, full data exposure
HIGH — data exposure / auth gap requiring specific conditions
MEDIUM — mis-scoped tokens, weak validation, missing rate limit
LOW — defense-in-depth hardening
INFO — notes for future consideration

Output format

Severity	Location	Description	Suggested fix	Confidence	Runtime-context caveats
HIGH	`file.py:112`	Path not containment-checked	resolve() + relative_to(root)	High	Requires malicious planner output

Verdict at top: APPROVE | REQUEST CHANGES | REJECT. Cite file:line. Reference CWE where clear (CWE-22 path traversal, CWE-89 SQLi).

Ground rules

Don't invent requirements.
Flag runtime context you need but can't see.
Be honest about confidence.
Review against committed HEAD of the PR branch.

security-review

Security review procedure

Scope

Checklist summary (10 sections)

Severity calibration

Output format

Ground rules

More from this repository

More from this repository

Security review procedure

Scope

Checklist summary (10 sections)

Severity calibration

Output format

Ground rules