一键导入
security-review
Comprehensive security review checklist for auth, OAuth, admin, and multi-tenant code changes
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Comprehensive security review checklist for auth, OAuth, admin, and multi-tenant code changes
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Use when designing prompts for LLMs, optimizing model performance, building evaluation frameworks, or implementing advanced prompting techniques like chain-of-thought, few-shot learning, or structured outputs.
How to deploy Dravr infrastructure and apply Cloud Run config changes. Use when editing infra/ terraform, when a merged code change is live but a Cloud Run setting (cpu, memory, min/max instances, env var, scaling) hasn't taken effect, or when asked to plan/apply infra. Explains the two-pipeline model (app binary auto-deploys on push; terraform infra config is a separate manual apply) plus the cpu/cpu_idle guardrails.
Enforces zero-tolerance code quality policy using Clippy with strict lints, all warnings treated as errors
Write well-formatted notes to the dravr-vault Obsidian knowledge base. Use this skill whenever creating or updating an ADR, runbook, plan, API doc, guide, session output, or any structured document that should land in the vault — even when the user doesn't say "Obsidian" explicitly. Delegates to obsidian:obsidian-cli to write to the live vault and applies Dravr frontmatter and formatting standards.
Bootstrap Pierre server with database, admin user, coaches, and test users for development and testing
Validates coach markdown files for required frontmatter fields, sections, and naming conventions
| name | security-review |
| description | Comprehensive security review checklist for auth, OAuth, admin, and multi-tenant code changes |
| user-invocable | true |
Comprehensive security review checklist triggered when modifying authentication, authorization, OAuth, admin, or multi-tenant code. Covers the categories identified in the Feb 2026 post-mortem audit.
Run this skill:
echo "========================================="
echo " SECURITY REVIEW CHECKLIST"
echo "========================================="
# 1. Authorization Boundaries
echo ""
echo "--- 1. Authorization Boundaries ---"
# Check for endpoints with auth but no role/permission check
echo "🔍 Checking auth endpoints for authorization..."
rg "async fn.*(admin|coach|manage|assign|remove|revoke|create_token|delete)" src/routes/ --type rust -A 15 | \
rg -v "is_admin|is_super_admin|role|permission|tenant_membership" | \
rg "async fn" && \
echo "⚠️ Admin endpoints may lack authorization checks" || \
echo "✓ Admin endpoints have authorization checks"
# Check super-admin operations require super-admin
echo "🔍 Checking super-admin gating..."
rg "super.?admin|SuperAdmin" src/routes/ --type rust -B 3 -A 10 | \
rg "is_super_admin" | wc -l
echo "Super-admin check count (should be >0 for admin routes)"
# 2. Multi-Tenant Isolation
echo ""
echo "--- 2. Multi-Tenant Isolation ---"
# Check all SQL queries for tenant_id
echo "🔍 Checking SQL queries for tenant scoping..."
rg "sqlx::query" src/ --type rust -A 5 | \
rg "SELECT|INSERT|UPDATE|DELETE" | \
rg -v "tenant_id|migration|schema_version|system_config" | head -10
echo "(Above should be empty — all queries need tenant_id)"
# Check cache keys include tenant_id
echo "🔍 Checking cache key construction..."
rg "cache.*key|cache.*get|cache.*set|cache.*insert" src/ --type rust -A 3 | \
rg -v "tenant" | rg "fn\|let" | head -5
echo "(Above should be empty — cache keys need tenant_id)"
# 3. Input Domain Validation
echo ""
echo "--- 3. Input Domain Validation ---"
# Check for division operations
echo "🔍 Checking division safety..."
rg "/ [a-z_]+" src/ --type rust -n | \
rg -v "test|//|as f64|as f32|\.len\(\)|\.count\(\)" | \
head -10
echo "(Review above for potential divide-by-zero)"
# Check pagination bounds
echo "🔍 Checking pagination bounds..."
rg "limit|offset|page_size|per_page" src/routes/ --type rust -A 3 | \
rg "clamp|min|max|\.max\(1\)" | wc -l
echo "Pagination bound checks found"
# 4. OAuth & Protocol
echo ""
echo "--- 4. OAuth & Protocol Compliance ---"
# Check state parameter validation
echo "🔍 Checking OAuth state validation..."
rg "state.*param|validate.*state|verify.*state" src/ --type rust -n | wc -l
echo "State validation checks (should be >0)"
# Check PKCE enforcement
echo "🔍 Checking PKCE enforcement..."
rg "code_challenge|code_verifier" src/ --type rust -n | wc -l
echo "PKCE references (should be >0)"
# 5. Logging Hygiene
echo ""
echo "--- 5. Logging Hygiene ---"
# Check for sensitive data in logs
echo "🔍 Checking for secrets in log statements..."
rg "(info!|warn!|error!)\(.*\{.*(token|key|secret|password)" src/ --type rust -n | \
rg -v "redact|REDACT|mask|\*\*\*|token_type|key_id|key_count" | head -5
echo "(Above should be empty — no secrets in logs)"
# 6. Template & Query Safety
echo ""
echo "--- 6. Template & Query Safety ---"
# Check for format! SQL
echo "🔍 Checking for format! SQL injection..."
rg "format!\(.*(?:SELECT|INSERT|UPDATE|DELETE)" src/ --type rust -n && \
echo "❌ CRITICAL: format! used in SQL!" || \
echo "✓ No format! SQL injection"
# Check HTML escaping
echo "🔍 Checking HTML escaping..."
rg "text/html|Content-Type.*html" src/ --type rust -B 5 -A 10 | \
rg "format!" | rg -v "html_escape" | head -5
echo "(Above should be empty — HTML must use escaping)"
echo ""
echo "========================================="
echo " SECURITY REVIEW COMPLETE"
echo "========================================="
This skill should be invoked when files in these paths are modified:
src/routes/auth.rs — authentication/session managementsrc/routes/admin.rs — admin panel operationssrc/oauth2_server/ — OAuth authorization serversrc/oauth2_client/ — OAuth client (Strava, etc.)src/mcp/multitenant.rs — multi-tenant MCP handlingsrc/database/ — database queries (tenant scoping)src/middleware/ — auth/tenant middlewareThe CI-runnable version of this skill lives at scripts/ci/security-review.sh.
It runs automatically in CI via ./scripts/ci/architectural-validation.sh --apply-skills.
validate-architecture — Architectural patternscheck-no-secrets — Secret detectiontest-multitenant-isolation — Tenant isolation testscheck-input-validation — Input validation checks