一键导入
security-review
Security scanning and vulnerability assessment — standardized code security review playbook
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security scanning and vulnerability assessment — standardized code security review playbook
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
Continuously improves the project by checking docs (web, Context7, opencode), using LSPs for code context, monitoring skills/plugins/scripts, and adapting best practices.
Continuity management — preserves context, maintains thermal maps, and serializes states across sessions
Read diffs carefully, identify risks, and produce review feedback that is specific and actionable.
Write accurate docs, keep references current, and capture verified behavior only.
Branching, rebasing, commit hygiene, and review-friendly history for agency delivery.
Use the language server for precise navigation, symbol lookup, refactoring, and diagnostics.
基于 SOC 职业分类
| name | security-review |
| description | Security scanning and vulnerability assessment — standardized code security review playbook |
| license | MIT |
| compatibility | opencode |
| metadata | {"audience":"developers","workflow":"security"} |
This skill provides a standardized, context-efficient playbook for the Build or Architect agents to perform code security reviews before pushing to the repository. It focuses on identifying vulnerabilities in Systems Code, Backend PHP Framework, and Modern JS Framework specific to the project's Phase constraints.
/security-review.git commit or merging a Phase branch.git MCP to identify all modified files in the current working tree.innerHTML) and improper state mutations.assets/report-template.md.assets/report-template.md to format your findings. This ensures consistent, machine-readable outputs that the Documentarian can log into the Knowledge Graph.Do not output raw code fixes in the initial report unless explicitly requested. Provide the vulnerability path and the conceptual fix. Wait for the user to authorize the Build agent to apply the fixes.