code-security-review
Installation
SKILL.md
Code Security Review
Overview
Performs comprehensive security code reviews to identify vulnerabilities, assess security risks, and provide actionable remediation guidance. Covers OWASP Top 10, CWE classifications, compliance requirements, and security best practices.
Security Review Workflow
1. Initial Assessment
Gather context about the application:
- Application type: Web app, API, mobile, desktop, embedded
- Data sensitivity: PII, financial data, healthcare records, proprietary information
- Compliance requirements: PCI-DSS, GDPR, HIPAA, SOC 2, ISO 27001
- Authentication mechanisms: OAuth, JWT, session-based, API keys
- Technology stack: Languages, frameworks, libraries, databases
- External integrations: Third-party APIs, cloud services, payment processors