AgentSkillsCN

security-review

基于 Anthropic 的 claude-code-security-review,开展以安全为导向的代码审查,精准识别具有真实利用潜力的高置信度漏洞。设置超过 80% 的置信度阈值,有效降低误报率。适用于在审查 PR 时,重点关注安全相关问题。

SKILL.md
--- frontmatter
name: security-review
description: Perform security-focused code review to identify HIGH-CONFIDENCE vulnerabilities with real exploitation potential. Based on Anthropic's claude-code-security-review. Minimizes false positives with >80% confidence threshold. Use when reviewing PRs for security issues.
context: fork
agent: security-review
allowed-tools: Bash(git:*), Bash(gh:*), Read, Glob, Grep, LS, Task

Security Review

Conduct a security-focused code review of the pending changes.

Context

GIT STATUS:

code
!`git status`

PR METADATA:

code
!`gh pr view --json title,body,author,files,additions,deletions,headRefName,state 2>/dev/null || echo "No PR context - reviewing local branch"`

FILES MODIFIED:

code
!`gh pr diff --name-only 2>/dev/null || git diff --name-only origin/HEAD...`

COMMITS:

code
!`gh pr view --json commits --jq '.commits[].messageHeadline' 2>/dev/null || git log --oneline origin/HEAD...`

DIFF CONTENT:

code
!`gh pr diff 2>/dev/null || git diff --merge-base origin/HEAD`

Objective

Use the security-review agent to identify HIGH-CONFIDENCE security vulnerabilities in the diff above. Focus only on issues with >80% confidence of real exploitability. Your final reply must contain the markdown report.

References

  • references/OWASP_TOP_10.md — OWASP Top 10 quick reference
  • references/FALSE_POSITIVE_GUIDE.md — Detailed false positive filtering guide