security-review
Total installs: 8
Weekly installs: 8
Site ranking: #34425
Install command: `npx skills add https://github.com/mcouthon/agents --skill security-review`
Agent install distribution: mcpjam 8, roo 8, kilo 8, claude-code 8, junie 8, windsurf 8
Skill documentation
# Security Review
Systematic security analysis of code changes.
## Core Approach
> “Assume the user is the attacker. Find where trust is misplaced.”
## Risk Classification
| Risk Level | Triggers |
|---|---|
| HIGH | Auth, crypto, external calls, value transfer, validation removal |
| MEDIUM | Business logic, state changes, new public APIs |
| LOW | Comments, tests, UI, logging |
## Attack Surface Mapping
For each change, identify:
- User inputs – request params, headers, body, URL components
- Database queries – any SQL/ORM operations
- Auth/authz checks – where permissions are verified
- External calls – APIs, services, file system
- Cryptographic operations – hashing, encryption, tokens
## Security Checklist
### Input Validation
- All user input validated before use
- Validation happens at trust boundary (not just client)
- Type coercion handled safely
- Size/length limits enforced
### Authentication/Authorization
- Auth checks present on all protected paths
- No privilege escalation paths
- Session handling is secure
- Token expiration enforced
### Data Exposure
- No secrets in logs or responses
- Sensitive data filtered from error messages
- PII handling follows policy
- Debug endpoints disabled in production
### Injection Prevention
- Parameterized queries for SQL
- Output encoding for XSS
- Command injection prevented
- Path traversal blocked
### Cryptography
- No custom crypto implementations
- Strong algorithms used (no MD5/SHA1 for security)
- Secrets not hardcoded
- Key rotation possible
## Blast Radius Analysis
For HIGH-risk changes:
- Count direct callers
- Trace transitive dependencies
- Identify failure modes
- Check rollback feasibility
- Assess data exposure scope
## Red Flags (Stop and Escalate)
- 🔴 Removed validation without replacement
- 🔴 Access control modifiers weakened
- 🔴 External calls added without error handling
- 🔴 Crypto operations changed
- 🔴 Auth bypass paths introduced
- 🔴 Secrets in source code
- 🔴 `eval()` or dynamic code execution
- 🔴 Disabled security controls (even “temporarily”)
## Common Vulnerability Patterns
| Pattern | Look For |
|---|---|
| IDOR | User-controlled IDs without ownership check |
| Mass Assignment | Binding request body directly to models |
| SSRF | User-controlled URLs in server requests |
| Path Traversal | User input in file paths without sanitization |
| Race Condition | Check-then-use without locking |
| Insecure Deserialization | Deserializing untrusted data |
## Output Format
For each finding:
```markdown
**File**: `path/to/file.py:42`
**Risk**: HIGH | MEDIUM | LOW
**Category**: [Input Validation | Auth | Data Exposure | Injection | Crypto]
**Issue**: [Brief description of what's wrong]
**Evidence**: [Specific code or pattern that demonstrates the issue]
**Recommendation**: [What should be done - without implementing it]
```
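As an added example (not part of this skill's own files), a small Python pass that applies several of the Red Flags listed earlier to a unified diff and reports each hit using the finding fields of the Output Format above; the regexes, the `Finding` tuple and the sample diff are constructed for illustration and are only a first pass that points a reviewer at lines to read.

```python
import re
from collections import namedtuple

# Finding fields mirror the Output Format above; line is new-file for '+' code, old-file for '-' code.
Finding = namedtuple("Finding", "file line risk category issue evidence")
# Heuristic regexes for the red flags listed above (constructed here; not a substitute for reading the change).
FLAGS = [  # (diff side, category, pattern, issue)
    ("+", "Injection", re.compile(r"\b(eval|exec)\s*\("), "eval() or dynamic code execution introduced"),
    ("+", "Crypto", re.compile(r"(secret|api_key|password|token)\s*=\s*['\"][^'\"]{8,}", re.I), "Secret hardcoded in source"),
    ("-", "Auth", re.compile(r"is_authenticated|has_perm|login_required"), "Auth check removed"),
    ("-", "Input Validation", re.compile(r"\bvalidat\w*\("), "Validation removed without replacement"),
]

def review_diff(diff_text: str) -> list:
    """Walk a unified diff and return HIGH-risk findings, one per flagged line."""
    findings, path, old_no, new_no, removed, added = [], "", 0, 0, [], []
    def close_hunk():  # a removal counts only if no '+' line in the same hunk carries a replacement
        for no, text in removed:
            for side, cat, rx, issue in FLAGS:
                if side == "-" and rx.search(text) and not any(rx.search(a) for a in added):
                    findings.append(Finding(path, no, "HIGH", cat, issue, text.strip()))
        removed.clear(); added.clear()
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                      # new-file header: finish the previous hunk
            close_hunk(); path = raw[4:].removeprefix("b/")
        elif m := re.match(r"^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw):
            close_hunk(); old_no, new_no = int(m.group(1)), int(m.group(2))
        elif raw.startswith("-") and not raw.startswith("--- "):
            removed.append((old_no, raw[1:])); old_no += 1
        elif raw.startswith("+"):
            added.append(raw[1:])
            for side, cat, rx, issue in FLAGS:
                if side == "+" and rx.search(raw):
                    findings.append(Finding(path, new_no, "HIGH", cat, issue, raw[1:].strip()))
            new_no += 1
        elif raw.startswith(" "):                       # unchanged context advances both counters
            old_no += 1; new_no += 1
    close_hunk()
    return findings
# Constructed diff fragment exercising several red flags at once (not real project code).
SAMPLE_DIFF = """\
+++ b/app/views.py
@@ -10,3 +10,4 @@ def update_profile(request):
-    if not request.user.is_authenticated:
-    data = validate_profile(request.POST)
+    data = request.POST
+    result = eval(data.get("expr", "0"))
+    API_KEY = "sk-live-0123456789abcdef"
     return save_profile(data, result)
"""
```

`review_diff(SAMPLE_DIFF)` yields four findings (Auth, Input Validation, Injection, Crypto); a hunk that swaps one `validate_*(...)` call for another produces no validation finding, since the removal has a replacement in the same hunk.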
## Review Summary Template
```markdown
## Security Review Summary
**Scope**: [Files/changes reviewed]
**Risk Level**: [Overall: HIGH/MEDIUM/LOW]
### Attack Surface
- Inputs: [list]
- External calls: [list]
- Auth points: [list]
### Findings
| # | Risk | Category | File:Line | Issue |
| --- | ---- | -------- | ---------- | ------------------------ |
| 1 | HIGH | Auth | file.py:42 | Missing permission check |
### Recommendations
1. [Priority-ordered list of fixes]
### Not Reviewed
[Areas that need separate review or were out of scope]
```
## What NOT to Do
- ❌ Fix the issues (identify only)
- ❌ Assume “internal only” means safe
- ❌ Skip test files (they often reveal behavior)
- ❌ Trust comments that say “safe” or “validated elsewhere”
- ❌ Ignore configuration files
## The Security Reviewer’s Creed
> “I’m not here to approve; I’m here to find what’s missed.”

Trust nothing. Verify everything. Document clearly.