Security Review
Perform a security review of code changes.
When to use this skill
- When reviewing code for security vulnerabilities
- Before completing changes to authentication/authorization code
- When adding new dependencies
- During security-focused code reviews
- When asked to perform a "security review" or "security audit"
Skill Contents
Available Resources
📚 references/ - Detailed documentation
- go
- java
- python
- typescript
- workflow
Quick Checklist
- Credential Scanning - Search for hardcoded secrets
- Input Validation - Check SQL injection, XSS, command injection
- Authentication & Authorization - Review auth mechanisms
- Data Protection - Check encryption and data handling
- Dependency Security - Scan for vulnerable packages
Output Format
For each finding, provide:
- Finding: Description of the issue
- Severity: Critical/High/Medium/Low
- Recommendation: How to fix
- File/Line: Location
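The Credential Scanning check from the Quick Checklist, emitting results in the Output Format above, as an added example that is not part of this skill's own references. The pattern set, the allowlist of placeholder shapes and the sample file are assumptions constructed for the example.

```python
import re
from typing import Dict, List

# Starter set of hardcoded-secret shapes (hypothetical, not the skill's own rule list).
# Each entry: finding name, compiled regex, severity, recommendation.
SECRET_PATTERNS = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "Critical",
     "Rotate the key and load it from the environment or a secrets manager"),
    ("Private key block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
     "Critical", "Remove the key from source control and rotate it"),
    ("Password or token literal",
     re.compile(r"""(?i)(?:password|passwd|pwd|secret|api_key|token)\s*[:=]\s*["'][^"']{4,}["']"""),
     "High", "Read the value from configuration or a vault instead of source"),
]

# Placeholder shapes that are not real secrets; skipping them cuts false positives
# (trade-off: a real secret on a line containing "example" is also skipped).
ALLOWLIST = re.compile(r"(?i)(example|placeholder|changeme|<[^>]+>|\$\{[^}]+\}|os\.environ)")


def scan_source(path: str, text: str) -> List[Dict[str, str]]:
    """Scan one file's text and return findings in the review output format."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST.search(line):
            continue
        for name, pattern, severity, fix in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append({
                    "Finding": f"{name} hardcoded in source",
                    "Severity": severity,
                    "Recommendation": fix,
                    "File/Line": f"{path}:{lineno}",
                })
    return findings


def format_findings(findings: List[Dict[str, str]]) -> str:
    """Render findings as the bullet list the skill's Output Format asks for."""
    return "\n\n".join("\n".join(f"- {k}: {v}" for k, v in f.items()) for f in findings)


# Constructed sample file; the key-shaped values are fabricated for the example.
SAMPLE = """\
import os
AWS_KEY = "AKIAABCDEFGHIJKLMNOP"
db_password = "hunter2hunter2"
api_token = os.environ["API_TOKEN"]
token = "<your-token-here>"
"""

if __name__ == "__main__":
    print(format_findings(scan_source("settings.py", SAMPLE)))
```

Lines 2 and 3 of the sample are reported; lines 4 and 5 are skipped because they read from the environment or hold a placeholder.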
Security Checks
| Check | Description |
|---|---|
| Credential scanning | Detect hardcoded secrets |
| Input validation | Verify user input is sanitized |
| Dependency audit | Check for vulnerable dependencies |
| Authentication | Review auth/authz implementations |
References
| Technology | Reference |
|---|---|
| Java | references/java/security-patterns.md |
| TypeScript | references/typescript/security-patterns.md |
| Python | references/python/security-patterns.md |
| Go | references/go/security-patterns.md |
Related Skills
- fix-vulnerabilities (Java) - Dependency vulnerability management
- fix-vulnerabilities (Node.js) - npm audit and vulnerability management
- fix-sonarqube (Java) - SonarQube issue fixing for Java
- fix-sonarqube (Node.js) - SonarQube issue fixing for Node.js