AgentSkillsCN

ECC Security Review

SKILL.md

ECC Security Review

Checklist:

  • Input validation and output encoding: every external input (parameters, headers, bodies, uploaded files) is validated against an allowlist, and output is encoded for the context it lands in (HTML body, attribute, JavaScript, URL)
  • AuthN/AuthZ boundaries (who can call what): every new endpoint or handler verifies identity and permission server-side, including object-level checks, not only a role check
  • Secrets: no hardcoded tokens, keys or passwords in source, tests or fixtures; inject them at runtime (environment variables or a secrets manager) and keep them out of logs and error messages
  • Dependency risk: review every lockfile diff for added, changed or unpinned packages and for changed integrity hashes; prefer exact pinned versions
  • SSRF / RCE vectors: user-controlled URLs fetched server-side, file paths built from input (traversal), and shell commands assembled from strings (pass argument arrays, never a shell string containing untrusted data)
  • SQL/NoSQL injection: queries are parameterized; flag string-concatenated or f-string queries and NoSQL filters built directly from request JSON (operator injection)
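The mechanical half of this checklist can be run over a diff before the human review starts. The script below is an added example, not part of the ECC skill or any project: it scans the added lines of a unified diff for hardcoded secrets, shell strings, concatenated SQL, server-side fetches of non-literal URLs, and lockfile changes, and returns findings sorted by severity. The diff, file names and regexes are constructed for the example; the patterns are deliberately coarse and only select lines for review.

```python
import re
from dataclasses import dataclass

# Constructed sample diff (hypothetical file names and code, not from any real project).
# It deliberately trips several checklist items so the triage below has something to find.
SAMPLE_DIFF = """\
diff --git a/app/fetch.py b/app/fetch.py
--- a/app/fetch.py
+++ b/app/fetch.py
@@ -1,2 +1,9 @@
 import requests
 import subprocess
+API_TOKEN = "sk_live_0123456789abcdef0123456789abcdef"
+def fetch(url):
+    return requests.get(url, timeout=5)
+def ping(target):
+    subprocess.run("ping -c 1 " + target, shell=True)
+def find_user(db, name):
+    return db.execute("SELECT * FROM users WHERE name = '" + name + "'")
diff --git a/package-lock.json b/package-lock.json
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,3 +10,6 @@
+    "left-pad": {
+      "version": "1.3.0"
+    }
"""

# Files whose every change is a dependency-risk finding in its own right.
LOCKFILES = {"package-lock.json", "yarn.lock", "pnpm-lock.yaml", "poetry.lock",
             "Pipfile.lock", "Cargo.lock", "Gemfile.lock", "go.sum"}

# (check name, severity, regex applied to each added line). The patterns are coarse on
# purpose: they pull candidate lines into the human review, they do not prove a bug.
RULES = [
    ("hardcoded secret", "high",
     re.compile(r"""(?i)(api[_-]?key|token|secret|password)\s*[:=]\s*["'][^"']{8,}["']""")),
    ("shell command built from a string", "high",
     re.compile(r"shell\s*=\s*True|os\.system\(")),
    ("sql built by concatenation or f-string", "high",
     re.compile(r"""\.execute\(\s*(f["']|[^)]*\+)""")),
    ("possible ssrf: server-side fetch of a non-literal url", "medium",
     re.compile(r"requests\.(get|post|put|delete)\(\s*[A-Za-z_]\w*\s*[,)]")),
]
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    check: str
    severity: str
    file: str
    evidence: str


def review_diff(diff_text: str) -> list:
    """Run the mechanical checklist items over the added lines of a unified diff.

    Returns Finding objects sorted highest severity first (stable within a severity,
    so findings keep diff order).
    """
    findings, current_file = [], None
    for raw in diff_text.splitlines():
        if raw.startswith("+++ b/"):
            current_file = raw[len("+++ b/"):]
            if current_file.rsplit("/", 1)[-1] in LOCKFILES:
                findings.append(Finding(
                    "dependency change: verify pinned versions and integrity hashes",
                    "medium", current_file, "lockfile modified"))
            continue
        if not raw.startswith("+") or current_file is None:
            continue  # context, removed, header and hunk lines carry no new code
        line = raw[1:].strip()
        for check, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(check, severity, current_file, line))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


if __name__ == "__main__":
    for f in review_diff(SAMPLE_DIFF):
        print(f"[{f.severity}] {f.file}: {f.check}\n    {f.evidence}")
```

The output is the starting point for the "top risks + severity" deliverable, not the deliverable itself: each hit still needs a reviewer to confirm reachability from untrusted input and to decide the real severity.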

Deliver:

  • Top risks, each with a severity rating and the file and line where it occurs
  • Concrete mitigations: the specific code or configuration change, not generic advice
  • Tests for the highest-risk paths, so each mitigation is verified and stays in place
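What "tests for the highest-risk paths" looks like for the two most common findings, SSRF and SQL injection. This is an added example with hypothetical helpers, not code from the ECC skill or any project: a URL guard that resolves the host and rejects non-public addresses (the resolver is injected so the tests run offline against a constructed DNS table), a parameterized query beside the concatenated one it replaces, and a test set that must stay green after the mitigation lands.

```python
import ipaddress
import sqlite3
from urllib.parse import urlsplit

# Constructed DNS table for offline tests; hostnames and addresses are hypothetical
# (example.com is mapped to a public address, the others to internal ranges).
FAKE_DNS = {
    "example.com": "93.184.216.34",
    "internal.corp": "10.0.0.5",
    "localhost": "127.0.0.1",
}


def validate_fetch_url(url: str, resolve) -> str:
    """Return the resolved IP if `url` is safe to fetch server-side, else raise ValueError.

    `resolve(hostname) -> str` is injected so the guard is testable without network;
    production code would pass a real resolver and fetch the returned IP (pinning it,
    so a DNS rebind between check and fetch cannot redirect the request).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    ip = ipaddress.ip_address(resolve(parts.hostname))
    # Explicit checks rather than only `is_global`: loopback, RFC 1918, link-local
    # (cloud metadata at 169.254.169.254), multicast, reserved and unspecified.
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global):
        raise ValueError(f"{parts.hostname} resolves to non-public address {ip}")
    return str(ip)


def make_db():
    """In-memory sample database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user(conn, name):
    """Parameterized lookup: the driver sends `name` as data, never as SQL text."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def find_user_vulnerable(conn, name):
    """The concatenated form the checklist flags, kept only as the 'before' for the test."""
    return conn.execute("SELECT id, name FROM users WHERE name = '" + name + "'").fetchall()


def run_tests() -> dict:
    """Tests for the highest-risk paths; every value is True when the hardening holds."""
    resolve = lambda host: FAKE_DNS.get(host, host)  # IP literals resolve to themselves

    def rejects(url):
        try:
            validate_fetch_url(url, resolve)
            return False
        except ValueError:
            return True

    conn = make_db()
    payload = "' OR '1'='1"
    return {
        "allows public host": validate_fetch_url("https://example.com/api", resolve) == "93.184.216.34",
        "blocks loopback": rejects("http://localhost:8080/admin"),
        "blocks cloud metadata": rejects("http://169.254.169.254/latest/meta-data/"),
        "blocks private range via dns": rejects("http://internal.corp/"),
        "blocks non-http scheme": rejects("file:///etc/passwd"),
        "blocks credentials in url": rejects("https://user:pw@example.com/"),
        "parameterized query ignores injection": find_user(conn, payload) == [],
        "concatenated query is exploitable": len(find_user_vulnerable(conn, payload)) == 2,
    }


if __name__ == "__main__":
    for name, ok in run_tests().items():
        print(("PASS " if ok else "FAIL ") + name)
```

The "concatenated query is exploitable" case is the reproduction that belongs in the risk write-up; once the vulnerable function is deleted, that test goes with it and the remaining cases guard the fix.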