# Security Review

Perform a security review of code changes.
## When to use this skill
- When reviewing code for security vulnerabilities
- Before completing changes to authentication/authorization code
- When adding new dependencies
- During security-focused code reviews
- When asked to perform a "security review" or "security audit"
## Skill Contents

### Available Resources

- 📚 references/ - Detailed documentation
## Quick Checklist
- Credential Scanning - Search for hardcoded secrets
- Input Validation - Check SQL injection, XSS, command injection
- Authentication & Authorization - Review auth mechanisms
- Data Protection - Check encryption and data handling
- Dependency Security - Scan for vulnerable packages
## Output Format

For each finding, provide:
- Finding: Description of the issue
- Severity: Critical/High/Medium/Low
- Recommendation: How to fix
- File/Line: Location
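The first checklist item (credential scanning) and the output format above can be tied together in a small scanner. The following is an added illustration, not code from this skill or the bitsoex repository: it scans constructed sample source lines for assignments of credential-like variable names to string literals, skips lines that read the value from the environment, and prints each hit in the Finding / Severity / Recommendation / File/Line shape. The name patterns, the severity mapping and the sample files are assumptions made for the example.

```python
"""Minimal hardcoded-credential scanner emitting findings in the
Finding / Severity / Recommendation / File/Line shape.
Added illustration; not the skill's own code. The keyword list and
severity mapping are assumptions, not a standard."""
import re
from dataclasses import dataclass

# Variable-name fragments that commonly hold credentials (assumed list).
SECRET_NAME = r"(?P<name>[A-Za-z_]*(password|passwd|secret|api[_-]?key|token)[A-Za-z_]*)"
# Such a name assigned a quoted literal of 8+ characters.
HARDCODED = re.compile(
    SECRET_NAME + r"\s*[=:]\s*['\"](?P<value>[^'\"]{8,})['\"]",
    re.IGNORECASE,
)
# Reading the value from the environment is the expected fix, not a finding.
ENV_LOOKUP = re.compile(r"os\.environ|getenv|process\.env")


@dataclass
class Finding:
    finding: str
    severity: str
    recommendation: str
    location: str  # "path:line"


def severity_for(name: str) -> str:
    """Assumed mapping: passwords and secrets are Critical, other tokens High."""
    n = name.lower()
    return "Critical" if ("password" in n or "secret" in n) else "High"


def scan_lines(path: str, lines) -> list[Finding]:
    """Return one Finding per line that assigns a literal to a credential-like name."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if ENV_LOOKUP.search(line):
            continue
        m = HARDCODED.search(line)
        if not m:
            continue
        name = m.group("name")
        findings.append(Finding(
            finding=f"Hardcoded credential in variable '{name}'",
            severity=severity_for(name),
            recommendation=("Move the value to a secret store or environment variable, "
                            "rotate the exposed credential, and purge it from history."),
            location=f"{path}:{number}",
        ))
    return findings


def scan_files(files: dict) -> list[Finding]:
    """Scan a {path: [lines]} mapping and concatenate the findings."""
    out = []
    for path, lines in files.items():
        out.extend(scan_lines(path, lines))
    return out


def format_findings(findings) -> str:
    """Render findings in the four-field output format of this skill."""
    blocks = []
    for f in findings:
        blocks.append("\n".join([
            f"- Finding: {f.finding}",
            f"- Severity: {f.severity}",
            f"- Recommendation: {f.recommendation}",
            f"- File/Line: {f.location}",
        ]))
    return "\n\n".join(blocks)


# Constructed sample inputs (hypothetical files; values are placeholders).
SAMPLE_FILES = {
    "config.py": [
        "DB_HOST = 'localhost'",
        "DB_PASSWORD = 'hunter2hunter2'",
        'api_key = "placeholder_key_0123456789"',
    ],
    "settings.py": [
        "password = os.environ['DB_PASSWORD']",
        "session_token = issue_token(user)",
    ],
}

if __name__ == "__main__":
    print(format_findings(scan_files(SAMPLE_FILES)))
```

On the sample files this reports two findings, both in config.py (lines 2 and 3); the two settings.py lines are not flagged because one reads from the environment and the other assigns a call result rather than a literal. In a real review the regex is only a first pass: extend the keyword list per codebase and confirm each hit by hand before grading severity.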
## Security Checks
| Check | Description |
|---|---|
| Credential scanning | Detect hardcoded secrets |
| Input validation | Verify user input is sanitized |
| Dependency audit | Check for vulnerable dependencies |
| Authentication | Review auth/authz implementations |
## References
| Technology | Reference |
|---|---|
| Java | references/java/security-patterns.md |
| TypeScript | references/typescript/security-patterns.md |
| Python | references/python/security-patterns.md |
| Go | references/go/security-patterns.md |
## Related Skills
- fix-vulnerabilities (Java) - Dependency vulnerability management
- fix-vulnerabilities (Node.js) - npm audit and vulnerability management
- fix-sonarqube (Java) - SonarQube issue fixing for Java
- fix-sonarqube (Node.js) - SonarQube issue fixing for Node.js
Repository: bitsoex/bitso-java

First Seen: Jan 24, 2026