AgentSkillsCN

security-check

Scans code to identify common security vulnerabilities and anti-patterns. Recommended when writing or reviewing code that handles user input, authentication, file access, database queries, or calls to external APIs.

SKILL.md
---
name: security-check
description: Scans code for common security vulnerabilities and anti-patterns. Use when writing or reviewing code that handles user input, authentication, file access, database queries, or external APIs.
user-invocable: false
context: fork
agent: guardian
---

Security Check

Scan the current codebase or recent changes for security issues.

Focus areas:

  1. Input validation — Is every user-controlled input validated (type, length, allow-list) before it reaches a sink such as a query, a shell, or the filesystem?
  2. Injection — SQL injection, command injection, path traversal, XSS; flag string-built queries and commands, and prefer parameterised queries, argument arrays, and output encoding over ad-hoc sanitisation
  3. Authentication — Session handling, password storage (salted adaptive hash, not MD5/SHA-1), token management (expiry, revocation)
  4. Secrets — No hardcoded keys, tokens, passwords, or connection strings, including in tests, fixtures, and config samples
  5. Dependencies — Known vulnerabilities in packages; check the resolved lockfile, not only the declared version ranges

Report findings by severity with specific file:line references.
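The following is an added example, not code from the AgentSkillsCN page or the guardian agent: a small regex-based checker that covers focus areas 1 to 4 heuristically and emits findings in the "severity, file:line" form the skill asks for. The rule names, regexes, and the two sample source files are constructed for this illustration and assume Python application code; dependency checking (focus area 5) is not attempted here, since it needs a lockfile audit against an advisory database (for example pip-audit) rather than pattern matching, and a real review still needs data-flow reasoning that regexes cannot provide.

```python
"""Toy static checker illustrating the security-check focus areas.

Added example; not part of the AgentSkillsCN page or the guardian agent.
Heuristic and regex-based: it finds common sinks and literals, not proofs.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    rule: str
    path: str
    line: int
    detail: str


# (rule, severity, regex, detail). Regexes are assumptions tuned for Python source.
RULES = [
    ("hardcoded-secret", "high",
     re.compile(r"""(?i)(password|passwd|secret|api_key|token)\s*=\s*['"][^'"]{4,}['"]"""),
     "credential literal in source; load it from the environment or a secrets manager"),
    ("sql-string-concat", "high",
     re.compile(r"""(?i)\b(execute|executemany)\(\s*(f['"]|['"].*['"]\s*(\+|%))"""),
     "query built by string formatting; use parameterised queries"),
    ("shell-true", "high",
     re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True"),
     "shell=True with a command string enables command injection; pass an argument list"),
    ("path-join-user-input", "medium",
     re.compile(r"os\.path\.join\([^)]*\b(request|args|form|params)\b"),
     "user-controlled path segment; normalise and check it stays under the base dir"),
    ("weak-hash", "medium",
     re.compile(r"hashlib\.(md5|sha1)\("),
     "md5/sha1 is not suitable for password storage; use bcrypt, scrypt or argon2"),
    ("pickle-load", "medium",
     re.compile(r"\bpickle\.loads?\("),
     "unpickling untrusted data executes arbitrary code"),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def scan_source(path, text):
    """Return a Finding for every rule that matches a non-comment line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue
        for rule, severity, pattern, detail in RULES:
            if pattern.search(line):
                findings.append(Finding(severity, rule, path, lineno, detail))
    return findings


def scan_files(files):
    """Scan a {path: source_text} mapping; returns findings in file then line order."""
    out = []
    for path, text in files.items():
        out.extend(scan_source(path, text))
    return out


def report(findings):
    """Render findings sorted by severity, then path and line, as '[SEV] file:line rule: detail'."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.path, f.line))
    return [f"[{f.severity.upper()}] {f.path}:{f.line} {f.rule}: {f.detail}" for f in ordered]


# Constructed sample files (not real project code): views.py trips each rule once,
# safe.py shows the corrected forms and should produce no findings.
SAMPLE_FILES = {
    "app/views.py": '''\
import hashlib, os, pickle, subprocess
from flask import request
BASE = "/srv/files"
DB_PASSWORD = "hunter2-prod"
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
def ping(host):
    subprocess.run("ping -c1 " + host, shell=True)
def download():
    return open(os.path.join(BASE, request.args["file"])).read()
def store(pw):
    return hashlib.md5(pw.encode()).hexdigest()
def restore():
    return pickle.loads(request.data)
''',
    "app/safe.py": '''\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = %s", (name,))
''',
}

if __name__ == "__main__":
    for line in report(scan_files(SAMPLE_FILES)):
        print(line)
```

Running the block prints six findings, all in app/views.py, with the three high-severity ones (secret literal, concatenated query, shell=True) listed before the medium ones; app/safe.py produces none. Comment lines are skipped so that explanatory comments quoting a bad pattern do not register as findings, which is also why a line such as `password = "x"` inside a docstring would still be reported: string literals are not tracked.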