Loading...
Loading...
Found 6 Skills
Security-focused code review checklist and automated scanning patterns. Use when reviewing pull requests for security issues, auditing authentication/authorization code, checking for OWASP Top 10 vulnerabilities, or validating input sanitization. Covers SQL injection prevention, XSS protection, CSRF tokens, authentication flow review, secrets detection, dependency vulnerability scanning, and secure coding patterns for Python (FastAPI) and React. Does NOT cover deployment security (use docker-best-practices) or incident handling (use incident-response).
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.
Review code for security: injection, sensitive data, authentication and authorization, dependencies and CVEs, configuration and secrets, and crypto. Cognitive-only atomic skill; output is a findings list.
OpenHarmony Distributed Soft Bus Code Security Review Expert - Comprehensive inspection of C/C++ code against secure coding standards and logging specifications. Covers over 40 security rules, including key areas such as pointer safety, memory management, lock management, and sensitive information protection. Provides cross-file call analysis and control flow analysis, generating detailed code review reports. Only triggered when user input contains "软总线安全卫士" (Soft Bus Security Guard). ⚠️ Important: This skill is a read-only review tool and does not modify source files.
Run a comprehensive security review on code
Security architecture and threat modeling. OWASP Top 10 analysis, security pattern implementation, vulnerability assessment, and security review for code and infrastructure.