What happens if a critical vulnerability is identified?

The skill will issue a FAIL verdict and provide specific recommendations that should be addressed before the implementation is considered complete.

How does this differ from a full security audit?

This skill focuses specifically on the 'delta'—the files and logic modified during the current session—rather than analyzing the entire legacy codebase.

Does the methodology include dependency checks?

Yes, the review scope includes identifying new dependencies and checking them for known vulnerabilities and trusted sources.

Does it support multiple programming languages?

Yes, it includes specialized security considerations for common languages including JavaScript, TypeScript, Python, Ruby, and Go.

Is this skill aligned with industry standards?

The checklist and methodology are closely aligned with the OWASP Top 10 patterns and modern secure coding practices.

Security Review Methodology

Name: Security Review Methodology
Author: bostonaholic

bybostonaholic

•

보안 및 테스팅

Analyzes implementation changes for security vulnerabilities and risks using a structured framework based on industry best practices.

소개

The Security Review skill provides a disciplined methodology for evaluating the security implications of code modifications before they are committed. Instead of performing exhaustive codebase audits, it focuses specifically on the 'delta'—the changes introduced during a specific implementation session—to catch high-risk patterns such as injection vulnerabilities, broken access control, and insecure configurations. By leveraging a comprehensive checklist aligned with the OWASP Top 10 and offering language-specific guidance for JavaScript, Python, Ruby, and Go, this skill helps developers maintain a high security bar throughout the development lifecycle, providing actionable findings and clear PASS/FAIL verdicts.

주요 기능

2 GitHub stars
Risk-level categorization for authentication, data access, and API logic
Targeted delta-based assessments for modified files and new dependencies
Language-specific vulnerability detection for major programming stacks
Standardized reporting with classified findings and actionable fix recommendations
Comprehensive security checklist covering OWASP Top 10 patterns

사용 사례

Reviewing incremental code changes for vulnerabilities before committing to the repository
Assessing the security posture of new API endpoints and data handling logic
Evaluating the risk of newly introduced third-party dependencies

소개

주요 기능

2 GitHub stars
Risk-level categorization for authentication, data access, and API logic
Targeted delta-based assessments for modified files and new dependencies
Language-specific vulnerability detection for major programming stacks
Standardized reporting with classified findings and actionable fix recommendations
Comprehensive security checklist covering OWASP Top 10 patterns

사용 사례

Reviewing incremental code changes for vulnerabilities before committing to the repository
Assessing the security posture of new API endpoints and data handling logic
Evaluating the risk of newly introduced third-party dependencies