一键导入
secure-code-review
Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
C4 architecture model, security architecture, Mermaid diagrams, SECURITY_ARCHITECTURE.md, and comprehensive documentation per Hack23 Secure Development Policy
AI-augmented development controls, GitHub Copilot governance, LLM security, AI-generated code review per Hack23 Secure Development Policy
EU AI Act compliance, OWASP LLM security, responsible AI practices for parliamentary data and MCP server applications
Enforce code quality with ESLint, TypeScript strict mode, Knip unused detection, and quality gates for MCP servers
ISO 27001, NIST CSF 2.0, CIS Controls v8.1, EU CRA compliance mapping, multi-standard alignment per Hack23 ISMS policies
Contribution process with PR workflow, code review standards, commit conventions, and open source best practices
| name | secure-code-review |
| description | Security code review using OWASP Top 10, input validation, and Hack23 ISMS secure development policy for TypeScript/MCP |
| license | Apache-2.0 |
Conduct thorough security code reviews for TypeScript MCP server code, identifying vulnerabilities before production.
// ✅ SECURE: Zod schema validation
import { z } from 'zod';
const InputSchema = z.object({
id: z.number().int().positive(),
name: z.string().min(1).max(255),
country: z.string().length(2)
});
// ❌ INSECURE: No validation
function getUser(id: any) { return db.query(`SELECT * FROM users WHERE id = ${id}`); }
npm audit --audit-level=high
npx knip # Find unused dependencies
npm run test:licenses # Check license compliance
// ✅ SECURE: Generic error messages
catch (error) {
logger.error('Internal error details', { error });
return { error: 'An unexpected error occurred' };
}
// ❌ INSECURE: Leaking internals
catch (error) {
return { error: error.stack }; // Never expose stack traces
}
Core SDLC policies (authoritative — always cite the applicable ones in review comments):
Supporting policies (cite when applicable):