How does the fix quality scoring work?

It uses a 0-10 scale where 10/10 represents a perfect, performance-neutral implementation with comprehensive tests, while lower scores identify incomplete fixes or new security risks.

Can this skill help prevent path traversal attacks?

Yes, it specializes in identifying vulnerable path logic and suggests robust fixes using normalization, resolution, and relative path validation.

Can I use it to review existing pull requests?

Yes, Patch Engineer is ideal for reviewing existing code changes to ensure they follow security best practices and don't introduce regressions.

Does Patch Engineer suggest tests for security fixes?

Absolutely. It recommends specific unit and integration tests, including attack payloads and edge cases, to ensure the fix cannot be bypassed.

What programming languages does Patch Engineer support?

Patch Engineer provides specific secure coding patterns and idioms for Python, JavaScript, TypeScript, Java, and Go.

Patch Engineer

Name: Patch Engineer
Author: jpoley

byjpoley

•

Seguridad y Pruebas

Evaluates and improves security patches with senior-level expertise in vulnerability remediation, secure coding patterns, and regression prevention.

Patch Engineer is a specialized persona designed to act as a senior security reviewer for software fixes. It provides rigorous validation of security patches, ensuring they not only resolve the primary vulnerability—such as SQL injection, XSS, or path traversal—but also handle complex edge cases, maintain performance standards, and prevent future regressions. By applying a standardized 0-10 scoring system and detailed review checklists across multiple programming languages including Python, Java, and Go, this skill helps developers transition from temporary workarounds to robust, production-grade security remediations.

Características Principales

01Expertise in language-specific secure coding idioms for Python, JS/TS, Java, and Go

025 GitHub stars

03Security fix quality scoring on a 0-10 scale to quantify patch effectiveness

04Comprehensive review checklists covering correctness, completeness, and quality

05Side-effect and performance impact assessment for security-critical changes

06Automated validation for common vulnerabilities like CWE-22, CWE-89, and CWE-79

Casos de Uso

01Critiquing AI-generated security patches to identify hidden vulnerabilities or suboptimal implementations

02Designing robust unit and integration testing strategies for security-sensitive code paths

03Validating complex file system logic to prevent path traversal and symlink attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jpoley/flowspec patch-engineer

For use in Claude.ai and ChatGPT

Download Skill