Skill: Security Review
This skill provides a framework for auditing the codebase for security risks.
🛡️ Core Audit Areas
- •Secret Scanning: Check for API keys, tokens, or credentials in files and history.
- •Input Sanitization: ensure all data from UI or external APIs is validated before use.
- •Dependency Check: Audit
package.jsonandCargo.tomlfor known vulnerabilities. - •Tauri Context: Review command permissions and frontend/backend bridge for potential leaks.
🛠️ Review Protocol
- •Initial Scan: Use
grepor specialized tools to find patterns of sensitive data. - •OWASP Analysis: Apply OWASP Top 10 principles to the current architecture.
- •Report: Document findings and categorize by severity (Critical, High, Medium, Low).
- •Fix & Verify: Implement fixes and add security tests to prevent regression.
🚨 Response
If a critical vulnerability or exposed secret is found, stop work immediately, rotate secrets if leaked, and prioritize the fix over all other tasks.