What types of vulnerabilities are considered 'Critical'?

Critical issues include hardcoded secrets, SQL injection, XSS, unencrypted PII, authentication/authorization bypasses, and remote code execution.

Can a Tech Lead bypass a security block created by this skill?

No, the Tech Lead cannot override security blocks directly. Issues must either be fixed and re-reviewed, or a formal override must be logged with a written justification for audit.

Does it check for outdated dependencies?

Yes, it categorizes outdated dependencies with known CVEs as High (blocking) and non-CVE outdated packages as Medium (advisory).

How does the security override process work?

When an engineer requests an override, the agent prompts for a justification and generates a document committed to a specific audit directory for monthly review by the security team.

Is this skill mandatory for every pull request?

In standard implementation, the Tech Lead agent must invoke this skill before approving any PR, making it a mandatory step regardless of the code change size.

Security Reviewer for Claude Code

Name: Security Reviewer for Claude Code
Author: violetio

byvioletio

•

安全与测试

Conducts comprehensive security audits and enforces safety standards by identifying and blocking critical vulnerabilities in your codebase.

关于

The Security Review skill transforms Claude into a rigorous security auditor with the authority to block pull requests containing critical or high-severity vulnerabilities. It automates security checklists across multiple domains—including input validation, secrets management, and SQL injection prevention—ensuring that security is a non-negotiable part of the development lifecycle. Designed for teams that require high compliance and safety standards, this skill provides detailed vulnerability reports and an audited override process for edge cases, ensuring no code is merged without meeting stringent security criteria.

主要功能

1 GitHub stars
Audited security override system with logged justifications for compliance
Mandatory blocking authority for High and Critical severity findings
Comprehensive checklists for Input Validation, Auth, and Data Protection
Tech Lead workflow integration to prevent unauthorized merges
Automated detection of critical vulnerabilities like SQLi, XSS, and RCE

使用场景

Automated scanning for hardcoded secrets, API keys, and unencrypted PII
Mandatory security gate for all Pull Requests before final approval
Auditing code changes for compliance with OWASP and internal security standards

关于

主要功能

1 GitHub stars
Audited security override system with logged justifications for compliance
Mandatory blocking authority for High and Critical severity findings
Comprehensive checklists for Input Validation, Auth, and Data Protection
Tech Lead workflow integration to prevent unauthorized merges
Automated detection of critical vulnerabilities like SQLi, XSS, and RCE

使用场景

Automated scanning for hardcoded secrets, API keys, and unencrypted PII
Mandatory security gate for all Pull Requests before final approval
Auditing code changes for compliance with OWASP and internal security standards