一键导入
security-review
Use this skill for local security and public-leakage review before commits, releases, or distribution where sensitive values must not be printed.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use this skill for local security and public-leakage review before commits, releases, or distribution where sensitive values must not be printed.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | security-review |
| description | Use this skill for local security and public-leakage review before commits, releases, or distribution where sensitive values must not be printed. |
| os | cross-platform |
Use this Skill when the situation matches the frontmatter description. It is cross-platform and tool-neutral: judgment, sequencing, risk boundaries, and human confirmation points live here; deterministic checks should be delegated to installed workflow runtime paths first, then to source repository paths when the runtime is not installed.
os: cross-platform. Local scans should avoid uploading repository content and should redact sensitive values in summaries.
Prefer installed runtime paths:
~/.agent-routines/workflows.agent-routines/workflowsSource fallback:
workflows/<workflow-name>/Recommended workflows: security-check, release-check, gate-check
Ask before deleting files, rewriting history, rotating credentials, changing public package contents, or approving a release with unresolved sensitive findings.
If high-confidence sensitive material is found, report only type, path, and line. Do not quote the value. Treat low-confidence pattern matches as manual review items.
Use this skill for backend API, DTO, or enum changes that require frontend request wrappers, types, enums, or UI adaptations.
Use this skill for durable execution records, runbooks, evidence folders, artifacts, and validation of archive layout after task completion.
Use this skill for validated local commit and optional push workflows where scope, staged content, identity, gates, and human confirmation must be handled explicitly.
Use this skill for desktop productivity UI design systems, design tokens, dense tables, status markers, theme tokens, and non-AI-looking Electron app visual standards.
Use this skill for Electron desktop packaging and release readiness across Windows, macOS, and Linux, including signing boundaries, artifacts, dry-runs, and public release checks.
Use this skill for cross-platform desktop UI QA of Electron apps, including renderer screenshots, native window behavior, shell prerequisites, task logs, and platform-specific checks.