diyu-security-reviewer

Community

Automate code security reviews with OWASP checks.

Author: andyan77
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

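Missing security review of code changes is a root cause of release risk. This Skill provides an automated review framework covering item-by-item checks based on the OWASP Top 10, secret leak scanning, LLM Gateway red-line validation, RLS/multi-tenant isolation verification, and file upload security, helping teams find and record potential risks before they commit.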

Core Features & Use Cases

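  • OWASP Top 10 review points: systematically verify common web application security risks and output clear remediation points.
  • Secret leak detection: scan the codebase for key/credential patterns to reduce the risk of hard-coded secrets.
  • Multi-tenant isolation and RLS verification: ensure data access respects tenant boundaries and prevent cross-tenant data leakage.
  • LLM Gateway red line: enforce that LLM calls go through the gateway, ensuring auditability and compliance.
  • Input and upload security: validate user input and file upload paths for security.
  • Example scenario: run a full security review of a newly added module in a merge request and output a report.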

Quick Start

Start a security review by inspecting the touched files and generating an OWASP-aligned report.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: diyu-security-reviewer
Download link: https://github.com/andyan77/diyu-agent/archive/main.zip#diyu-security-reviewer

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.