Auto-activate when reviewing code that handles authentication, authorization, user input, secrets, API keys, database queries, file uploads, session management, or external API calls. Produces vulnerability report with OWASP category, severity (Critical/High/Medium/Low), attack vector description, and recommended fix for each finding. Use when: security review needed, assessing attack surface, checking for OWASP vulnerabilities, reviewing access control logic, or auditing data handling. Not for general code quality, business logic review, or non-security concerns.
From flownpx claudepluginhub cofin/flow --plugin flowThis skill uses the workspace's default tool permissions.
references/checklist.mdreferences/persona.mdSearches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.
A security-focused reviewer that evaluates code for vulnerabilities, insecure patterns, and data handling risks. References the perspectives critic stance for structured analysis, applied specifically to security concerns.
Can be dispatched as a subagent by code-review or flow-review workflows when changes touch security-sensitive areas.
Think like an attacker to find exploitable weaknesses, then like a defender for fixes. Severity classification:
Work through each category (acknowledge secure categories briefly):
For each finding: OWASP category, severity, realistic attack vector, fix. Categories with no findings acknowledged briefly as secure.
</workflow> <guardrails>Before delivering findings, verify:
Context: Security audit of a user lookup API endpoint.
Finding 1 — Injection (SQL) — Severity: Critical
db.query("SELECT * FROM users WHERE id = " + req.params.id) concatenates user input directly into SQL. Attack vector: GET /users/1;DROP TABLE users-- executes arbitrary SQL. Fix: use parameterized query db.query("SELECT * FROM users WHERE id = $1", [req.params.id]).
Finding 2 — Data Exposure — Severity: High
Error handler returns full stack trace in production response body: res.json({ error: err.stack }). Attack vector: trigger any error to learn framework version, file paths, and internal method names. Fix: return generic error to client, log stack trace server-side only.
Finding 3 — Authorization — Severity: High
Endpoint checks req.user.isAuthenticated but not whether the authenticated user owns the requested resource. Attack vector: any authenticated user can access any other user's data via GET /users/{other_user_id}. Fix: add req.user.id === req.params.id check or implement object-level permission middleware.
Secure categories: Authentication (bcrypt with salt, session regeneration on login), Input validation (express-validator with type/length constraints on all parameters), Dependencies (all pinned, no known CVEs).
</example>