一键导入
security-scan
Proactive security scanning. Triggers when modifying auth, API endpoints, user data, or sensitive operations.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Proactive security scanning. Triggers when modifying auth, API endpoints, user data, or sensitive operations.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | security-scan |
| description | Proactive security scanning. Triggers when modifying auth, API endpoints, user data, or sensitive operations. |
Automatically scans for security issues when security-sensitive code is modified.
This skill should activate when:
# Run security scan
cd backend && make security-scan
# Check for vulnerabilities
cd backend && make vuln-check
# Check npm vulnerabilities
cd web && npm audit
# Check for secrets
grep -r "api_key\|secret\|password" web/src/
## Security Scan Results
### Critical Vulnerabilities
- [Immediate action required]
### High Risk Issues
- [Should be fixed before deploy]
### Medium Risk Issues
- [Should be addressed soon]
### Recommendations
- [Security best practices]
See docs/SECURITY.md for detailed security requirements.
Proactive code quality review. Triggers on significant code changes to check security, performance, architecture, and project patterns.
Capture learnings after tasks. Triggers on task completion, repeated mistakes, retrospective requests, or "what did I learn".
SDLC workflow with MCP tools. Triggers on "start", "implement", "work on", or unclear workflow.
Git workflow management. Triggers when creating branches, preparing PRs, or managing merge decisions.
Proactive OpenAPI workflow. Triggers when OpenAPI spec files are modified to validate, regenerate code, and verify builds.
Systematic debugging with 4-phase root cause analysis. Triggers when bugs are reported, errors encountered, or unexpected behavior observed.