review-security

Security Review

This skill is a reference library + workflow. Twenty evidence-based security pattern files live under patterns/. Each one is grounded in specific CVEs, audit findings, and review processes from the Linux kernel, OpenSSL, Chromium, Firefox, curl, Go, Rust, Kubernetes, Next.js, and dozens of other projects.

The skill can be invoked two ways:

  • Standalone: "do a security review of this branch" — run the workflow below end-to-end.
  • As a reference from /review: the pre-landing review skill reads the matching pattern file(s) when a diff touches a security-sensitive area.

Each pattern file contains:

  • The Core Question — the one question to keep in mind
  • What To Check — specific code patterns with examples
  • Red Flags — patterns that signal danger
  • Catalog References — real CVEs demonstrating each pattern

Step 1: Scope the review

Determine what is being reviewed.

Installs: 52
Repository: borkweb/skills
GitHub Stars: 5
First Seen: May 19, 2026