master-security-review

Community

Confidence-calibrated security review for your project stack.

AuthorNewEarthAI
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill provides a comprehensive security review for your project stack, identifying potential vulnerabilities and ensuring your application is secure.

Core Features & Use Cases

  • Secure-by-Default Mode: Proactively writes secure patterns while coding.
  • Passive Detection Mode: Flags HIGH-confidence findings while working on other tasks.
  • Full Audit Mode: Conducts a complete 4-tier review with structured output.
  • Automated Scanning: Runs hardcoded secrets, exposed service role keys, dangerous patterns, and external tools like gitleaks, npm audit, and semgrep.
  • Pattern-Based Review: Searches for SQL injection, XSS, auth bypass, SSRF, IDOR, secrets exposure, RLS bypass, and file upload vulnerabilities.
  • Data Flow Analysis: Traces input to sink and checks for sanitization/validation.
  • Architecture Review: Verifies trust boundaries, API key taxonomy, and authentication patterns.
  • Confidence Calibration: Flags findings with HIGH, MEDIUM, or LOW confidence based on criteria.
  • Output Format: Provides a structured report with CRITICAL, HIGH, MEDIUM, and LOW severity findings.

Quick Start

Run a security review on this repo.

Dependency Matrix

Required Modules

gitleaksnpm auditsemgrep

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: master-security-review
Download link: https://github.com/NewEarthAI/vibecode-project-template/archive/main.zip#master-security-review

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.