一键导入
security-review
> Use when this capability is needed.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
> Use when this capability is needed.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Morning update routine: merge Renovate PRs, rebase local work, apply chezmoi changes Use when this capability is needed.
Use when the user wants to set, change, or clear git commit co-authors for pair or mob programming.
Use when the user asks to install, add, or set up a package, tool, CLI, or application
Use when the user wants to fetch and contextualize a GitHub repository for future reference.
Use when writing or reviewing GitHub-flavored Markdown (README, issues, PRs, docs)
Copy content to my clipboard using `pbcopy`. Use when this capability is needed.
| name | security-review |
| description | > Use when this capability is needed. |
A focused rubric for security review of a code change. Designed as the "security" specialist dimension of a multi-perspective PR review, but applies equally to a standalone audit.
Review ONLY your assigned diff (or module). Cross-module concerns go to the architecture specialist; correctness bugs without security impact go to correctness.
random vs secrets, password hashingSee threat-model.md for full per-section detail and CWE mapping.
CRITICAL — exploitable now, no special conditions: auth bypass, RCE, full data exposureHIGH — data exposure / auth gap requiring specific conditionsMEDIUM — mis-scoped tokens, weak validation, missing rate limitLOW — defense-in-depth hardeningINFO — notes for future considerationRule of thumb: CRITICAL vs HIGH — user action required to exploit? No = CRITICAL, chained = HIGH. HIGH vs MEDIUM — exploitable at attacker's expected access level? Yes = HIGH, needs escalation = MEDIUM.
| Severity | Location | Description | Suggested fix | Confidence | Runtime-context caveats |
|---|---|---|---|---|---|
| HIGH | file.py:112 | Path not containment-checked | resolve() + relative_to(root) | High | Requires malicious planner output |
Verdict at top: APPROVE | REQUEST CHANGES | REJECT.
Cite file:line. Reference CWE where clear (CWE-22 path traversal, CWE-89 SQLi).
Source: ohdearquant/lionagi — distributed by TomeVault.