Security Review FAQs

Question 1

How does the Security Review skill detect secrets?

Accepted Answer

The skill utilizes a combination of pattern-matching regular expressions and a structured checklist to identify hardcoded keys, passwords, and unencrypted tokens within your source files.

Question 2

What severity levels does the skill use to rank issues?

Accepted Answer

Issues are categorized into four levels: Critical (deployment blockers), High (must fix before merge), Medium (fix when possible), and Low (minor improvements).

Question 3

Is this a replacement for a full security audit?

Accepted Answer

While it is a powerful tool for catching common coding errors and OWASP Top 10 vulnerabilities during development, it should be used as a supplement to, not a replacement for, professional penetration testing.

Question 4

Does it check for environment variable configuration?

Accepted Answer

Yes, a core part of the checklist ensures that sensitive data is moved to environment variables and that .env files are correctly excluded via .gitignore.

Question 5

Can this skill help prevent SQL injections?

Accepted Answer

Yes, it includes specific audit steps to ensure that parameterized queries are used and that all user inputs are properly validated and sanitized before database interaction.

Security Review

Key Features

Use Cases

Security Review

Key Features

Use Cases