AgentSkillsCN

security-review

A structured workflow dedicated to identifying and mitigating security vulnerabilities in the codebase.

SKILL.md
--- frontmatter
name: security-review
description: Specialized workflows for identifying and mitigating security vulnerabilities in the codebase.

Skill: Security Review

This skill provides a framework for auditing the codebase for security risks.

🛡️ Core Audit Areas

  1. Secret Scanning: Check for API keys, tokens, or credentials in files and history.
  2. Input Sanitization: Ensure all data from the UI or external APIs is validated before use.
  3. Dependency Check: Audit package.json and Cargo.toml for known vulnerabilities.
  4. Tauri Context: Review command permissions and the frontend/backend bridge for potential leaks.

🛠️ Review Protocol

  1. Initial Scan: Use grep or specialized tools to find patterns of sensitive data.
  2. OWASP Analysis: Apply OWASP Top 10 principles to the current architecture.
  3. Report: Document findings and categorize by severity (Critical, High, Medium, Low).
  4. Fix & Verify: Implement fixes and add security tests to prevent regression.
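
One way to carry out the Initial Scan and Report steps for secrets, as an added example that is not part of the skill itself: a small pattern scanner that tags each finding with one of the severity levels above. The rule set, the severity assigned to each rule, the entropy threshold, and the file names and values in the sample are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed rules and severity mapping; the skill names the levels, not the rules.
RULES = [
    ("private-key", "Critical", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("aws-access-key-id", "Critical", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("generic-credential", "High", re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*[\"']([^\"']{12,})[\"']")),
]
PLACEHOLDER = re.compile(r"(?i)example|changeme|placeholder|your[_-]|xxxx")
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]

def entropy(value):
    # Shannon entropy in bits per character; low values are rarely real secrets.
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_text(path, text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, severity, pattern in RULES:
            match = pattern.search(line)
            if not match:
                continue
            if rule == "generic-credential":
                value = match.group(1)
                # Skip obvious placeholders and low-entropy values to cut noise.
                if PLACEHOLDER.search(value) or entropy(value) < 3.0:
                    continue
            # Record location and rule only, never the secret value itself.
            findings.append({"file": path, "line": lineno, "rule": rule, "severity": severity})
            break
    return findings

def scan_files(files):
    findings = [f for path, text in files.items() for f in scan_text(path, text)]
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))  # most severe first

# Constructed sample input (path -> contents); no real credentials.
SAMPLE_FILES = {
    "src/config.ts": 'const apiKey = "q8Zr2LmV9xTb4KpWn7Yd";\n'
                     'const token = "your_token_goes_here";\n',
    "src-tauri/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
}

if __name__ == "__main__":
    print(*scan_files(SAMPLE_FILES), sep="\n")
```

This covers working-tree contents only; the "history" part of Secret Scanning needs the same rules run over past commits.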

🚨 Response

If a critical vulnerability or exposed secret is found, stop work immediately, rotate secrets if leaked, and prioritize the fix over all other tasks.