What types of vulnerabilities are considered 'Critical'?

Critical issues include hardcoded secrets, SQL injection, XSS, unencrypted PII, authentication/authorization bypasses, and remote code execution.

Can a Tech Lead bypass a security block created by this skill?

No, the Tech Lead cannot override security blocks directly. Issues must either be fixed and re-reviewed, or a formal override must be logged with a written justification for audit.

Does it check for outdated dependencies?

Yes, it categorizes outdated dependencies with known CVEs as High (blocking) and non-CVE outdated packages as Medium (advisory).

How does the security override process work?

When an engineer requests an override, the agent prompts for a justification and generates a document committed to a specific audit directory for monthly review by the security team.

Is this skill mandatory for every pull request?

In standard implementation, the Tech Lead agent must invoke this skill before approving any PR, making it a mandatory step regardless of the code change size.

Security Reviewer for Claude Code

Name: Security Reviewer for Claude Code
Author: violetio

byvioletio

•

Security & Testing

Conducts comprehensive security audits and enforces safety standards by identifying and blocking critical vulnerabilities in your codebase.

The Security Review skill transforms Claude into a rigorous security auditor with the authority to block pull requests containing critical or high-severity vulnerabilities. It automates security checklists across multiple domains—including input validation, secrets management, and SQL injection prevention—ensuring that security is a non-negotiable part of the development lifecycle. Designed for teams that require high compliance and safety standards, this skill provides detailed vulnerability reports and an audited override process for edge cases, ensuring no code is merged without meeting stringent security criteria.

Key Features

011 GitHub stars

02Audited security override system with logged justifications for compliance

03Mandatory blocking authority for High and Critical severity findings

04Comprehensive checklists for Input Validation, Auth, and Data Protection

05Tech Lead workflow integration to prevent unauthorized merges

06Automated detection of critical vulnerabilities like SQLi, XSS, and RCE

Use Cases

01Automated scanning for hardcoded secrets, API keys, and unencrypted PII

02Mandatory security gate for all Pull Requests before final approval

03Auditing code changes for compliance with OWASP and internal security standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add violetio/violet-ai-plugins security-review

For use in Claude.ai and ChatGPT

Download Skill