`npx claudepluginhub cmaenner/agent-security-playbook`

This skill uses the workspace's default tool permissions.
Review code for security vulnerabilities by following the full procedure in `plays/tier1-code-analysis/code-review-security.md`.
Review code systematically for security vulnerabilities using OWASP Top 10, secure coding patterns, and static analysis best practices. Use when reviewing pull requests, conducting security code reviews, or implementing secure development practices.
Identifies high-confidence, exploitable security vulnerabilities such as injection, XSS, and authentication, authorization, and cryptography issues, using OWASP guidelines after tracing data flows through the codebase.
Scans codebases for OWASP Top 10 vulnerabilities via static analysis: secret exposure, injection flaws, auth/authz gaps, supply-chain risks, misconfigurations, and logging failures. Use before deployments, PR merges, and auth/payment changes.
1. Scope & Context — Establish language/framework, trust boundary (server/client/library/CLI), data sensitivity (PII, credentials, financial), and exposure (internet-facing, internal, local).
2. Systematic Review by Vulnerability Class (priority order):
3. Framework-Specific Checks — Apply checks for the detected framework (React, Express, Django, Flask, Spring, Rails, Go).
4. Diff-Specific Analysis (for PRs) — Focus on changed lines plus context, verify security controls are preserved, check that new endpoints match existing auth patterns, and look for removed security controls.
5. Produce Findings — Cite file:line, show the vulnerable snippet, explain the attack scenario, provide fixed code, and rate confidence.
Report contents: a scope summary, findings sorted by severity (formatted with `templates/finding.md`), positive observations (good security controls already in place), and a severity count table.
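The shape of the output the steps above call for (a file:line citation, the vulnerable snippet, a suggested fix, a confidence rating, and a severity count table), as an added example that is not part of the playbook and does not reproduce its checklists or `templates/finding.md`: a minimal pattern-based scanner run over two constructed source files. The file names, the three rules, the remediation strings and the `changed_lines` filter (which restricts reporting to a PR's changed lines) are all constructed for illustration.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Severity scale used both for sorting findings and for the count table.
SEVERITY_ORDER = ["critical", "high", "medium", "low"]

# Detection rules constructed for this example: (vulnerability class, severity,
# confidence, line pattern, remediation). Each pattern is deliberately narrow so
# that a hit is a high-confidence candidate rather than a noisy guess.
RULES = [
    ("Code Injection", "critical", "high",
     re.compile(r"\b(?:eval|exec)\(\s*request\."),
     "Never evaluate request data; parse it against a strict schema instead."),
    ("SQL Injection", "high", "high",
     # execute( followed by an f-string, a %- or +-built literal, or .format(
     re.compile(r"\.execute\(\s*(?:f[\"']|[\"'].*?[\"']\s*[%+]|.*\.format\()"),
     "Pass user input as query parameters: "
     "cursor.execute(\"... WHERE id = %s\", (user_id,))"),
    ("Hardcoded Secret", "high", "medium",
     re.compile(r"(?i)(?:password|api_key|secret)\s*=\s*[\"'][^\"']{8,}[\"']"),
     "Load the value from the environment or a secrets manager, not from source."),
]


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    vuln_class: str
    severity: str
    confidence: str
    snippet: str
    remediation: str


def scan(files: dict[str, str],
         changed_lines: dict[str, set[int]] | None = None) -> list[Finding]:
    """Run every rule over every line of every file, sorted by severity.

    When changed_lines is given (PR mode), only lines listed there are reported,
    mirroring the diff-focused review step.
    """
    findings = []
    for path, source in files.items():
        for lineno, text in enumerate(source.splitlines(), start=1):
            if changed_lines is not None and lineno not in changed_lines.get(path, set()):
                continue
            for vuln_class, severity, confidence, pattern, fix in RULES:
                if pattern.search(text):
                    findings.append(Finding(path, lineno, vuln_class, severity,
                                            confidence, text.strip(), fix))
    # sorted() is stable, so findings of equal severity keep file/line order.
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f.severity))


def severity_table(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity level, including zero rows."""
    counts = Counter(f.severity for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def render(finding: Finding) -> str:
    """One finding in the file:line / snippet / fix / confidence shape."""
    return (f"[{finding.severity.upper()}] {finding.vuln_class} at "
            f"{finding.file}:{finding.line} (confidence: {finding.confidence})\n"
            f"    {finding.snippet}\n"
            f"    Fix: {finding.remediation}")


# Constructed sample code under review; the safe query on line 11 must not fire.
SAMPLE_FILES = {
    "app/users.py": (
        "import os\n"
        "from db import cursor\n"
        "\n"
        'API_KEY = "sk-live-0123456789abcdef"\n'
        "\n"
        "def get_user(user_id):\n"
        '    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")\n'
        "    return cursor.fetchone()\n"
        "\n"
        "def get_user_safe(user_id):\n"
        '    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))\n'
        "    return cursor.fetchone()\n"
    ),
    "app/admin.py": (
        "from flask import request\n"
        "\n"
        "def run():\n"
        '    return eval(request.args["expr"])\n'
    ),
}

if __name__ == "__main__":
    results = scan(SAMPLE_FILES)
    for f in results:
        print(render(f), end="\n\n")
    print("Severity counts:", severity_table(results))
```

Pattern rules like these only produce candidates; the playbook's process still requires tracing the data flow to each hit before rating it exploitable, which is why the parameterised query on line 11 of the sample is the kind of negative case a rule set should be checked against.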