一键导入
security-review
Comprehensive security code review workflow for a target repository, producing a markdown report with findings and recommendations.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Comprehensive security code review workflow for a target repository, producing a markdown report with findings and recommendations.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
A CodeGuard security skill that helps AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
Guide secure migration of code from memory-unsafe languages (C, C++, Assembly) to memory-safe languages (Rust, Go, Java, C#, Swift). Use when migrating or rewriting legacy C/C++ code, designing FFI boundaries between safe and unsafe code, writing new modules in existing C/C++ codebases, reviewing mixed-language projects, planning memory safety roadmaps, or when an AI agent is about to generate new C/C++ code that could be written in a memory-safe language instead. Also triggers on CISA/NSA memory safety compliance discussions.
Instructs AI coding agents to invoke CodeGuard MCP Server security rules before writing or reviewing code.
基于 SOC 职业分类
| name | security-review |
| description | Comprehensive security code review workflow for a target repository, producing a markdown report with findings and recommendations. |
| metadata | {"short-description":"Security code review report","framework":"Project CodeGuard","codeguard-source":"https://github.com/cosai-oasis/project-codeguard"} |
$security-review /path/to/repoIf the repo path is missing or unclear, ask the user for it before proceeding.
Load the security knowledge base from Project CodeGuard
First read the Security_Code_Reviewer_Guidelines.md file bundled with
this skill. Use its purpose and rule-loading strategy to guide the review.
Load all core security rules from Project CodeGuard:
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/core
These are mandatory foundational rules that must be loaded for every review.
Load relevant OWASP rules for the detected tech stack from:
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/owasp
Only load OWASP rules that match the target repository's technology stack.
Perform deep code analysis
Produce the report in markdown.
./security_report/sec_review_<repo-name>_<YYYY-MM-DD_HH-mm-ss>.md<repo-name> and replace spaces
with -.security_report folder in the current working directory.