一键导入
security-review
Run the security-audit DSL against a closed scope and emit findings.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Run the security-audit DSL against a closed scope and emit findings.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Model-only playbook for adding a property-based test that pins a function's invariant.
Dispatch a claimed wave to a runtime per the V8 session-reuse ladder.
Fresh-context verification of a phase deliverable or wave outcome. Spawns a fresh auditor subagent that re-reads the diff against the success criteria.
Auto-chained research follow-up skill with recursion guard for residual unknowns.
Resolve the Co-Authored-By trailer policy for the active repo.
Compress the session conversation when context approaches the limit.
| name | security-review |
| description | Run the security-audit DSL against a closed scope and emit findings. |
| argument-hint | --spec=<path> [--cwd=<dir>] |
| user-invocable | true |
| disable-model-invocation | false |
spec_path degrades to status=needs_user.cwd (defaults to the process working tree).ok when every check passes and failed when any check fails (failing check names surface as repair commands).When the active profile is security, this skill is a required gate for phase close.
spec_path points at a readable declarative audit spec.A missing or unreadable spec_path degrades to status=needs_user, which routes the operator to an AskUserQuestion prompt for the audit spec rather than running an empty check set.
Skill envelope with header.skill = "/security-review". Body carries scope_id, spec_path, checks_run, and the per-check findings.