performing-security-code-review
Security Agent
This skill provides automated assistance for security agent tasks.
Overview
This skill empowers Claude to act as a security expert, identifying and explaining potential vulnerabilities within code. It leverages the security-agent plugin to provide detailed security analysis, helping developers improve the security posture of their applications.
How It Works
- Receiving Request: Claude identifies a user's request for a security review or audit of code.
- Activating Security Agent: Claude invokes the security-agent plugin to analyze the provided code.
- Generating Security Report: The security-agent produces a structured report detailing identified vulnerabilities, their severity, affected code locations, and recommended remediation steps.
When to Use This Skill
This skill activates when you need to:
- Review code for security vulnerabilities.
- Perform a security audit of a codebase.
- Identify potential security risks in a software application.
Examples
Example 1: Identifying SQL Injection Vulnerability
User request: "Please review this database query code for SQL injection vulnerabilities."
The skill will:
- Activate the security-agent plugin to analyze the database query code.
- Generate a report identifying potential SQL injection vulnerabilities, including the vulnerable code snippet, its severity, and suggested remediation, such as using parameterized queries.
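An added example, not code from the original page or from the security-agent plugin, showing both halves of what Example 1 describes: a vulnerable query built by string formatting next to its parameterized remediation, run against a constructed in-memory SQLite table, plus a small static check that emits findings in the shape the report above lists (severity, location, snippet, remediation). The table, rows, the `SAMPLE_SOURCE` snippet and the probe input are all constructed here; the regex heuristics are this example's own, not the plugin's rules.

```python
import re
import sqlite3

# Constructed demo schema and rows (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn

def find_user_vulnerable(conn, name):
    # Vulnerable pattern: the caller's value is spliced into the SQL text,
    # so quote characters in it change the statement's structure.
    query = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def find_user_safe(conn, name):
    # Remediation: a parameterized query. The driver binds the value
    # separately from the statement text, so it is never parsed as SQL.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()

def compare_on_probe():
    """Run both variants on an input containing a quote; return row counts."""
    conn = make_db()
    probe = "' OR '1'='1"  # constructed input a reviewer uses to confirm the finding
    return len(find_user_vulnerable(conn, probe)), len(find_user_safe(conn, probe))

# --- Static check producing findings in the report shape described above ---
SQL_KEYWORD = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)
# Heuristic for SQL text assembled from runtime values on the same line:
# f-strings, str.format, %-formatting or string concatenation.
UNSAFE_BUILD = re.compile(r"""(\bf["']|\.format\(|["']\s*%\s|["']\s*\+|\+\s*["'])""")

def scan_for_string_built_sql(source, path="<snippet>"):
    """Return one finding per line that builds a SQL statement from strings."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if SQL_KEYWORD.search(line) and UNSAFE_BUILD.search(line):
            findings.append({
                "rule": "sql-built-from-strings",
                "severity": "high",
                "location": f"{path}:{lineno}",
                "snippet": line.strip(),
                "remediation": "Pass values as query parameters (placeholders bound "
                               "by the driver) instead of formatting them into the SQL text.",
            })
    return findings

# Constructed snippet to scan: one vulnerable function, one remediated one.
SAMPLE_SOURCE = '''
def find_user(conn, name):
    query = f"SELECT id FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def find_user_ok(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
'''

if __name__ == "__main__":
    print("rows returned (vulnerable, parameterized):", compare_on_probe())
    for f in scan_for_string_built_sql(SAMPLE_SOURCE, "app/db.py"):
        print(f"{f['severity'].upper()} {f['location']}: {f['snippet']}")
        print(f"  -> {f['remediation']}")
```

The runtime half shows why the finding is rated high: the formatted query returns every row for the probe, the parameterized one returns none. The static half is deliberately a line-level heuristic; it will miss statements assembled across several lines and flag harmless concatenation of constant fragments, so its findings are review candidates, not verdicts.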
Example 2: Checking for Insecure Dependencies
User request: "Can you check this project's dependencies for known security vulnerabilities?"
The skill will:
- Utilize the security-agent plugin to scan the project's dependencies against known vulnerability databases.
- Produce a report listing any vulnerable dependencies, their Common Vulnerabilities and Exposures (CVE) identifiers, and recommendations for updating to secure versions.
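An added example, not code from the original page or from the security-agent plugin, of the dependency check Example 2 describes: exact pins from a requirements file are matched against advisory records, and each affected package is reported with its identifier, severity and upgrade target. The advisory list, its placeholder identifiers and the `REQUIREMENTS` text are constructed for the demo; a real scan would query an advisory database and use full PEP 440 version semantics instead of the tuple comparison used here.

```python
import re

def normalize_name(name):
    """Normalize a distribution name the way Python package indexes do
    (case-insensitive; runs of '-', '_' and '.' are equivalent)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(version):
    """Dotted numeric version -> comparable tuple (simplification: no pre-releases)."""
    return tuple(int(part) for part in version.split("."))

# Constructed advisory records. The identifiers are placeholders, not real
# CVEs; a real scanner would pull these records from an advisory database.
ADVISORIES = [
    {"package": "examplelib", "id": "CVE-XXXX-PLACEHOLDER-1",
     "fixed_in": "2.0.0", "severity": "high",
     "summary": "constructed: all versions before 2.0.0 affected"},
    {"package": "otherlib", "id": "CVE-XXXX-PLACEHOLDER-2",
     "fixed_in": "1.4.2", "severity": "medium",
     "summary": "constructed: all versions before 1.4.2 affected"},
]

PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([0-9]+(?:\.[0-9]+)*)$")

def parse_requirements(text):
    """Return ({normalized_name: version}, [lines that are not exact pins])."""
    pins, unresolved = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = PIN.match(line)
        if m:
            pins[normalize_name(m.group(1))] = m.group(2)
        else:
            unresolved.append(line)  # ranges like >=2.0 need the resolved lock file
    return pins, unresolved

def scan_dependencies(requirements_text, advisories=ADVISORIES):
    """Match pinned versions against advisories; report the affected ones."""
    pins, unresolved = parse_requirements(requirements_text)
    findings = []
    for adv in advisories:
        pinned = pins.get(normalize_name(adv["package"]))
        if pinned is None:
            continue
        if parse_version(pinned) < parse_version(adv["fixed_in"]):
            findings.append({
                "package": adv["package"],
                "installed": pinned,
                "id": adv["id"],
                "severity": adv["severity"],
                "remediation": f"upgrade {adv['package']} to {adv['fixed_in']} or later",
            })
    return {"findings": findings, "unresolved": unresolved}

# Constructed sample requirements file for the demo.
REQUIREMENTS = """\
# constructed sample requirements file
ExampleLib==1.9.0
otherlib==1.4.2
safe-lib==3.1.0
widget_tool>=2.0   # not an exact pin: cannot be assessed
"""

if __name__ == "__main__":
    report = scan_dependencies(REQUIREMENTS)
    for f in report["findings"]:
        print(f"{f['severity'].upper()} {f['id']}: {f['package']}=={f['installed']} "
              f"-> {f['remediation']}")
    for line in report["unresolved"]:
        print(f"UNRESOLVED: {line!r} is not an exact pin; scan the lock file instead")
```

Two details matter in practice and are handled above: package names are normalized on both sides before matching, since `ExampleLib`, `example_lib` and `example-lib` name the same distribution, and a version range is reported as unresolved rather than silently skipped, because an advisory can only be evaluated against the version that is actually installed.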
Best Practices
- Specificity: Provide the exact code or project you want reviewed.
- Context: Clearly state the security concerns you have regarding the code.
- Iteration: Use the findings to address vulnerabilities and request further reviews.
Integration
This skill integrates with Claude's code understanding capabilities and leverages the security-agent plugin to provide specialized security analysis. It can be used in conjunction with other code analysis tools to provide a comprehensive assessment of code quality and security.
Prerequisites
- Appropriate file access permissions
- Required dependencies installed
Instructions
- Invoke this skill when the trigger conditions are met
- Provide necessary context and parameters
- Review the generated output
- Apply modifications as needed
Output
The skill produces structured output relevant to the task.
Error Handling
- Invalid input: Prompts for correction
- Missing dependencies: Lists required components
- Permission errors: Suggests remediation steps
Resources
- Project documentation
- Related skills and commands