Loading...
Loading...
Found 45 Skills
Review code for security: injection, sensitive data, authentication and authorization, dependencies and CVEs, configuration and secrets, and crypto. Cognitive-only atomic skill; output is a findings list.
This skill should be used when the user asks to "review code", "review PR", "code review", "audit code", "check for bugs", "security review", "review my changes", "find issues in this code", "review the diff", or asks for pull request review or code audit.
Execute a complete, deterministic, read-only repository audit and produce a single `improvements.md` action plan with traceable findings (file + lines), severity, category, impact, and high-level fixes. Use when users ask for full code audits, security/performance/architecture reviews, file-by-file analysis, or technical debt mapping without modifying project files.
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user authorization. Trigger keywords: "IDOR", "access control", "authorization", "Django permissions", "object permissions", "tenant isolation", "broken access".
Run parallel quality reviews (React, SOLID, Security, Simplification, Slop) on branch changes and auto-fix issues
Sentry-specific security review based on real vulnerability history. Use when reviewing Sentry endpoints, serializers, or views for security issues. Trigger keywords: "sentry security review", "check for IDOR", "access control review", "org scoping", "cross-org", "security audit endpoint".
Analyze Flux CD GitOps repositories for structure, validation, API compliance, and best practices. Use this skill whenever the user asks to analyze, review, audit, validate, or check a GitOps repository. Also use it when users mention Flux repo structure, GitOps best practices, manifest validation, deprecated APIs, or repository organization — even if they don't explicitly say "analyze".
Security-first PR review checklist for this repo. Use when reviewing diffs/PRs, especially changes involving auth, networking, sensitive data, or dependency/lockfile updates. Focus on secret/PII leakage risk, supply-chain risk (npm + node_modules inspection), cross-platform architecture (extension/mobile/desktop/web), and React performance (hooks + re-render hotspots). Avoid UI style nitpicks. PR Review.
Audit Flux CD GitOps repositories for structure, security, API compliance, and best practices. Use this skill whenever the user asks to audit, analyze, review, validate, or check a GitOps repository. Also use it when users mention Flux repo structure, GitOps best practices, manifest validation, deprecated APIs, security review, or repository organization — even if they don't explicitly say "audit".
Comprehensive code review criteria covering correctness, readability, maintainability, security, performance, and testing. Reference when reviewing code changes or preparing code for review.
Review backend code for quality, security, maintainability, and best practices based on established checklist rules. Use when the user requests a review, analysis, or improvement of backend files (e.g., `.py`) under the `api/` directory. Do NOT use for frontend files (e.g., `.tsx`, `.ts`, `.js`). Supports pending-change review, code snippets review, and file-focused review.
OpenHarmony Distributed Soft Bus Code Security Review Expert - Comprehensive inspection of C/C++ code against secure coding standards and logging specifications. Covers over 40 security rules, including key areas such as pointer safety, memory management, lock management, and sensitive information protection. Provides cross-file call analysis and control flow analysis, generating detailed code review reports. Only triggered when user input contains "软总线安全卫士" (Soft Bus Security Guard). ⚠️ Important: This skill is a read-only review tool and does not modify source files.