auditing-pre-release-security
Pre-Release Security Audit (Between Any Two Git Refs)
This skill compares any two git refs (tag/branch/commit SHA) and audits:
- Source-code diffs for security regressions
- Dependency changes (direct + transitive) and lockfile determinism
- Newly introduced package behaviors inside
node_modules - CI/CD workflow risks in
.github/workflowsand build configs (Expo/EAS)
The output is a Chinese Markdown report, with a unique title and filename containing the refs to avoid overwrites.
0) Mandatory: confirm audit range (BASE_REF, TARGET_REF)
Ref rules
- Accepted: tag / branch / commit SHA
BASE_REF= starting point,TARGET_REF= ending point (release candidate)
If refs are not explicitly provided by the user
Ask exactly once before doing any work:
More from onekeyhq/app-monorepo
react-best-practices
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
109implementing-figma-designs
Implements Figma designs 1:1 using OneKey component library (还原设计稿).
771k-coding-patterns
Coding patterns and best practices — React components, promise handling, and TypeScript conventions.
691k-code-quality
Code quality standards — lint (eslint/oxlint), type check (tsc), pre-commit hooks, and comment conventions. All comments must be in English.
681k-date-formatting
Date and time formatting — use OneKey dateUtils (formatDate/formatTime) instead of native JS date methods.
681k-git-workflow
Git workflow and conventions — branching, commit messages, and PR creation.
68