What happens if a critical vulnerability is identified?

The skill will issue a FAIL verdict and provide specific recommendations that should be addressed before the implementation is considered complete.

How does this differ from a full security audit?

This skill focuses specifically on the 'delta'—the files and logic modified during the current session—rather than analyzing the entire legacy codebase.

Does the methodology include dependency checks?

Yes, the review scope includes identifying new dependencies and checking them for known vulnerabilities and trusted sources.

Does it support multiple programming languages?

Yes, it includes specialized security considerations for common languages including JavaScript, TypeScript, Python, Ruby, and Go.

Is this skill aligned with industry standards?

The checklist and methodology are closely aligned with the OWASP Top 10 patterns and modern secure coding practices.

Security Review Methodology

Name: Security Review Methodology
Author: bostonaholic

bybostonaholic

•

Seguridad y Pruebas

Analyzes implementation changes for security vulnerabilities and risks using a structured framework based on industry best practices.

The Security Review skill provides a disciplined methodology for evaluating the security implications of code modifications before they are committed. Instead of performing exhaustive codebase audits, it focuses specifically on the 'delta'—the changes introduced during a specific implementation session—to catch high-risk patterns such as injection vulnerabilities, broken access control, and insecure configurations. By leveraging a comprehensive checklist aligned with the OWASP Top 10 and offering language-specific guidance for JavaScript, Python, Ruby, and Go, this skill helps developers maintain a high security bar throughout the development lifecycle, providing actionable findings and clear PASS/FAIL verdicts.

Características Principales

012 GitHub stars

02Risk-level categorization for authentication, data access, and API logic

03Targeted delta-based assessments for modified files and new dependencies

04Language-specific vulnerability detection for major programming stacks

05Standardized reporting with classified findings and actionable fix recommendations

06Comprehensive security checklist covering OWASP Top 10 patterns

Casos de Uso

01Reviewing incremental code changes for vulnerabilities before committing to the repository

02Assessing the security posture of new API endpoints and data handling logic

03Evaluating the risk of newly introduced third-party dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bostonaholic/rpikit security-review

For use in Claude.ai and ChatGPT

Download Skill