security-review-2

Security Review 2 Guidelines

First, run
npx skills add zackkorman/skills --skill security-review
This installs the first version of this skill, which this skill builds on.
Do everything the first version of the skill says, then once you have done that also do the following:
  1. Dependency Analysis: Run npm audit (Node.js projects with a package.json) or govulncheck (Go modules with a go.mod) to find dependencies with known vulnerabilities. For each finding, report the affected package, the severity, and whether a fixed version exists.
  2. Secret Scanning: Check for leaked credentials (API keys, access tokens, private keys, passwords) using grep or trivy (for example trivy fs --scanners secret .). Report each hit with its file and line. Treat any secret that has been committed as compromised: it has to be rotated, not just deleted from the working tree.
  3. Static Analysis: Look for dangerous patterns such as eval(), exec(), and SQL queries built by string concatenation or interpolation instead of parameterized queries. A pattern match is a lead to review, not proof of a vulnerability: check whether attacker-controlled input can reach it before reporting it.
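The three steps above, put together as a small POSIX sh script. This is an added example, not code from zackkorman/skills: the function names, the secret and dangerous-pattern regexes, and the sample project it scans are this example's own choices. The dependency step only prints the audit command that applies so the script runs offline; the other two steps run grep over a constructed project containing one hardcoded key, one eval() and one concatenated SQL query beside a clean file.

```sh
#!/bin/sh
# Added example, not part of zackkorman/skills: a wrapper for the three extra
# steps of Security Review 2. Function names, regexes and the sample project
# below are this example's own choices.

# Step 1: dependency analysis. Print the audit command that matches the
# project's manifest (npm audit for package.json, govulncheck for go.mod).
# Deliberately a dry run so it works offline; run the printed command yourself.
# Returns 1 when no supported manifest is present.
select_audit_command() {
  dir="$1"
  found=1
  if [ -f "$dir/package.json" ]; then
    echo "npm audit --audit-level=high   # run in $dir"
    found=0
  fi
  if [ -f "$dir/go.mod" ]; then
    echo "govulncheck ./...   # run in $dir"
    found=0
  fi
  return "$found"
}

# Step 2: secret scanning with grep. Patterns: AWS access key IDs, GitHub
# tokens, PEM private-key headers, and assignments of api_key/secret/token/
# password to a quoted literal of 8+ characters. A triage starting point,
# not an exhaustive ruleset (trivy fs --scanners secret covers far more).
# Prints file:line:text; exit status 0 means at least one hit.
scan_secrets() {
  dir="$1"
  grep -rEni \
    -e 'AKIA[0-9A-Z]{16}' \
    -e 'gh[pousr]_[A-Za-z0-9]{36}' \
    -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
    -e "(api[_-]?key|secret|token|password)[[:space:]]*[=:][[:space:]]*[\"'][^\"']{8,}" \
    --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=vendor \
    "$dir"
}

# Step 3: static analysis by pattern: eval( and exec( (JS, Python), Node's
# child_process, and a SQL keyword followed on the same line by string
# concatenation (+), template interpolation (${), printf-style %s or
# .format( -- the usual shape of an injectable query. Every hit is a lead
# for manual review, not a confirmed vulnerability.
scan_dangerous_patterns() {
  dir="$1"
  grep -rEn \
    -e '(^|[^A-Za-z0-9_])eval[(]' \
    -e '(^|[^A-Za-z0-9_])exec[(]' \
    -e 'child_process' \
    -e '(SELECT|INSERT|UPDATE|DELETE)[^;]*([+]|[$][{]|%s|[.]format[(])' \
    --include='*.js' --include='*.ts' --include='*.py' --include='*.go' \
    --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=vendor \
    "$dir"
}

# Constructed sample project (not real code from any project) used to
# exercise the scanners: app.js carries a hardcoded key, an eval() and a
# concatenated query; safe.js uses a parameterized query.
make_sample_project() {
  dir="$1"
  mkdir -p "$dir"
  printf '{ "name": "sample", "dependencies": { "express": "4.17.1" } }\n' > "$dir/package.json"
  cat > "$dir/app.js" <<'EOF'
const api_key = "example-0123456789abcdef";
function run(req, db) {
  eval(req.query.code);
  return db.query("SELECT * FROM users WHERE name = '" + req.query.name + "'");
}
EOF
  cat > "$dir/safe.js" <<'EOF'
function find(db, name) {
  return db.query("SELECT * FROM users WHERE name = $1", [name]);
}
EOF
}

# Run all three steps. Returns 1 if any secret or dangerous pattern was
# found, so the script can gate a CI job.
run_review() {
  dir="$1"
  status=0
  echo "== 1. Dependency analysis (command to run) =="
  select_audit_command "$dir" || echo "no package.json or go.mod in $dir"
  echo "== 2. Secret scanning =="
  scan_secrets "$dir" && status=1
  echo "== 3. Static analysis =="
  scan_dangerous_patterns "$dir" && status=1
  return "$status"
}

# Demo: build the sample project in a temp dir and review it.
sample=$(mktemp -d)
make_sample_project "$sample"
run_review "$sample" || echo "review found issues (exit 1)"
rm -rf "$sample"
```

Point run_review at a real checkout instead of the sample directory to use it; the regexes are intentionally broad, so expect to discard false positives (a regex .exec(), a SQL string that only appends a constant) by hand, which is the same review step the skill text asks for.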