What types of vulnerabilities can it detect?

It scans for a wide range of issues including SQL injection, XSS, SSRF, path traversal, hardcoded secrets, and broken access controls.

How does the 95% confidence threshold benefit developers?

By only reporting issues with extremely high confidence, the skill prevents 'alert fatigue' and ensures that developers focus on real, exploitable threats.

Does it replace standard linting or formatting tools?

No, it is intended to complement them. It specifically ignores style and formatting to act as a dedicated security specialist.

When should I use this skill in my workflow?

You should invoke this skill when reviewing files that handle input parsing, database queries, authentication logic, or external API calls.

What is the primary focus of the Security Sentinel skill?

It focuses strictly on finding exploitable security vulnerabilities with high confidence, ignoring code style, naming, or general best practices.

Security Sentinel Code Review

Name: Security Sentinel Code Review
Author: xinbenlv

byxinbenlv

0•

セキュリティとテスト

Performs zero-trust security audits to identify exploitable vulnerabilities with high confidence in critical code paths.

Security Sentinel is a paranoid code review skill designed to operate like a high-stakes security engineer. It performs deep, zero-trust analysis on files handling input parsing, database queries, authentication, and external API calls. Unlike standard linters, it ignores code style and naming conventions to focus exclusively on finding exploitable vulnerabilities—such as SQL injection, XSS, and broken access controls—only reporting issues where confidence exceeds 95% to minimize noise and maximize impact.

主な機能

01High-confidence reporting (95%+) to eliminate false positives

02Automated secret detection for API keys and private tokens

030 GitHub stars

04Comprehensive injection detection (SQL, XSS, Command, Path)

05Zero-trust vulnerability analysis for sensitive logic

06Authentication and authorization logic auditing

ユースケース

01Scanning external API integrations for SSRF and data exposure

02Reviewing authentication middleware and authorization checks

03Auditing database interaction layers for injection risks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xinbenlv/codereview-skills codereview-security

For use in Claude.ai and ChatGPT

Download Skill