Skill

security-review

Reviews code, skills, and prompts for security vulnerabilities including OWASP Top 10, prompt injection, business logic flaws, and insecure defaults. Use for PR reviews, module audits, AI skill/prompt reviews, or release prep.

security

npx claudepluginhub codeaholicguy/ai-devkit

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Find vulnerabilities before they ship.

Supporting Assets

agents/openai.yamlreferences/checklist.md

SKILL.md

Similar Skills

security-review

666

Performs security code reviews identifying high-confidence exploitable vulnerabilities like injection, XSS, authentication issues after tracing data flows and validation.

20 files5 tools

sentry-skills

security-review

Scans codebases for OWASP Top 10 vulnerabilities via static analysis: secret exposure, injection flaws, auth/authz gaps, supply-chain risks, misconfigurations, logging failures. Use before deployments, PR merges, auth/payment changes.

claude-impl-tools

security-review

29.8k

Scans codebases for vulnerabilities like injections, XSS, secrets exposure, insecure deps, and access control flaws across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, Rust.

5 files

awesome-copilot-refactor

Stats

Stars1178

Forks190

Last CommitMay 6, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Security Review

Find vulnerabilities before they ship.

Hard Rules

Do not dismiss a finding without evidence it is unexploitable.
Do not commit, log, or surface secrets discovered during review — flag and recommend rotation.
Do not modify code until the user approves a remediation plan.

Workflow

Scope
- Confirm target: diff, file set, module, full repo, or skill/prompt. A target can be both code and prompt.
- Identify stack/framework — adapt the checklist (skip what the framework handles, add its pitfalls).
- Trace data flow: request → middleware → handler → service → datastore → response. For prompts: input → template → LLM → tools → output.
- Map trust boundaries, privilege levels, and threat actors.
- Search prior findings: npx ai-devkit@latest memory search --query "<target>" --tags "security"
Scan
- Only check relevant categories. Skip sections and items that don't apply. Do not report skipped items.
- For diffs/PRs: also check whether the change weakens existing controls — removed middleware, bypassed validation, new unprotected routes.
- Categories in priority order: a. Secrets — hardcoded tokens, keys, connection strings. b. Injection — SQL, NoSQL, command, template, SSRF, path traversal, XSS. c. Auth — missing checks, privilege escalation, OAuth/OIDC, IDOR. d. Business Logic — race conditions, TOCTOU, workflow bypass, mass assignment, parameter tampering. e. Data Exposure — PII in logs, verbose errors, overly broad responses. f. Resource Exhaustion — unbounded queries, missing pagination, upload size, decompression bombs. g. Dependencies — critical CVEs only (RCE, auth bypass, data breach); ignore low/medium. h. Cryptography — weak algorithms, hardcoded IVs/keys, disabled certificate validation. i. Configuration — debug mode, permissive CORS, missing security headers. j. Logging — security events unlogged, no tamper protection, no alerting. k. Prompt Injection — instruction override, tool abuse, data exfiltration, indirect injection via tool results.
- For each finding: file, line, evidence.

Classify

Severity	Criteria
Critical	Exploitable now, data loss or RCE possible
High	Exploitable with moderate effort or insider access
Medium	Requires chained conditions or limited impact
Low	Defense-in-depth, no direct exploit path

Adjust severity by exposure (internet-facing vs internal) and data sensitivity.
Check for attack chains — multiple Medium findings that combine into High/Critical.
Mark false positives with reasoning.

Remediate
- For each finding: root cause, minimal fix (prefer stdlib/framework over custom), verification step.
- For Critical/High: also recommend a detection control (log, alert, or WAF rule).
- Present plan and request approval before changing code.
Verify
- Use the verify skill to confirm each remediation.
- Re-scan fixed files for regressions.
- Store findings: npx ai-devkit@latest memory store --title "<pattern>" --content "<finding and fix>" --tags "security,<category>"

Red Flags

Rationalization	Do Instead
"It's internal / behind a VPN / only admins"	Zero-trust: validate at every boundary regardless of network position or user role
"We'll add auth later"	Add auth before merge — unauthenticated endpoints get discovered fast
"It's just a dev credential"	Use env vars / secrets manager — dev secrets leak to prod constantly
"The framework handles that"	Verify the config — frameworks have defaults, not guarantees
"We sanitize on the frontend"	Always validate server-side — client validation is bypassable
"The LLM won't follow injected instructions"	Treat all tool results and external content as untrusted data
"It's just a prompt, not code"	Prompts control tool execution — review with the same rigor as code

Output Template

Scope: Target, stack, data flow, trust boundaries, threat actors
Findings (by severity): ID, severity, category, file:line, exploit scenario, fix
Attack Chains: Findings that escalate when combined
False Positives: Dismissed items with reasoning
Remediation Plan: Ordered fixes with verification steps
Residual Risk: Scope limitations, unverifiable items
Zero findings: state what was checked and scope boundaries — "no findings" ≠ "fully secure"