Skill

security-review

Performs security code review on target repositories using Project CodeGuard core rules and OWASP rules for detected tech stack, generating markdown report with findings, severity, remediations.

security

npx claudepluginhub cosai-oasis/project-codeguard --plugin codeguard-security

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- Use for a full codebase security review with prioritized findings,

Supporting Assets

Security_Code_Reviewer_Guidelines.md

SKILL.md

Similar Skills

code-security-audit

Performs OWASP-based code security audits on any codebase using ASVS 5.0.0, API Security Top 10 2023, CheatSheets, and WSTG. Outputs detailed Markdown reports for audits and vulnerability assessments.

5 files

backend-skills

security-review

Performs security reviews on Git diffs identifying high-confidence exploitable vulnerabilities with severity/confidence scoring, OWASP 2025 alignment, and optional GitHub PR comments.

3 files3 tools

review

Orchestrates parallel agents for security code audits (OWASP/CWE), secrets scanning, and dependency CVE checks on codebases, staged changes, or PRs.

1 tool

security

Stats

Stars151

Forks28

Last CommitApr 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Security Review

When to use

Use for a full codebase security review with prioritized findings, remediation guidance, and a formal report.

Inputs

Target repository path (first argument after invocation).
- Example: $security-review /path/to/repo
Security knowledge base source:
- Rules are sourced from Project CodeGuard, an open-source, model-agnostic security framework by CoSAI/OASIS.

If the repo path is missing or unclear, ask the user for it before proceeding.

Workflow

Load the security knowledge base from Project CodeGuard
- First read the Security_Code_Reviewer_Guidelines.md file bundled with this skill. Use its purpose and rule-loading strategy to guide the review.
- Load all core security rules from Project CodeGuard:
```
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/core
```
  These are mandatory foundational rules that must be loaded for every review.
- Load relevant OWASP rules for the detected tech stack from:
```
https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/owasp
```
  Only load OWASP rules that match the target repository's technology stack.
Perform deep code analysis
- Review the repository line by line.
- Focus on: injection flaws, authn/authz, hardcoded secrets, crypto misuse, SSRF, path traversal, RCE vectors, XSS/CSRF, unsafe deserialization, insecure defaults/configuration, and supply chain issues.
Produce the report in markdown.

Report requirements

Executive Summary
- Total findings by severity (Critical/High/Medium/Low/Info)
- Top 5 most critical issues
- Overall security posture
Detailed Findings (for each issue)
- Title, Severity, Rule Reference(s), Location, Code Snippet
- Description, Impact, Remediation (with examples), References
Findings by Category
Recommendations
- Immediate actions, short-term (1-3 months), long-term improvements, tooling/process suggestions
Appendix
- Files reviewed, rules applied/coverage, methodology notes

Output

Save the report to:
- ./security_report/sec_review_<repo-name>_<YYYY-MM-DD_HH-mm-ss>.md
- Use the target repo folder name for <repo-name> and replace spaces with -.
- Write to the security_report folder in the current working directory.