nemoclaw-maintainer-security-code-review

Official

Security audit for GitHub PRs and issues

Author: NVIDIA
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Helps maintainers and security engineers find security regressions and vulnerabilities introduced by code changes by producing a structured, per-category assessment that supports informed merge decisions and triage.

Core Features & Use Cases

  • Structured 9‑category checklist: Evaluates secrets, input validation, auth, dependencies, logging, cryptography, configuration, security testing, and holistic posture with PASS/WARNING/FAIL verdicts and justifications.
  • PR-focused workflow: Checks out the target branch using git and the GitHub CLI, lists and prioritizes changed files, reads diffs and file contents, and outputs detailed findings with remediation suggestions.
  • Prioritization for large changes: For large PRs, it prioritizes authentication/authorization, input handling, configs, and dependency changes to focus reviewer effort where risk is highest.
  • Use Case: Review a NemoClaw pull request before merge to detect sandbox escape vectors, Dockerfile injection, credential leakage, or blueprint tampering.

Quick Start

Use the nemoclaw-maintainer-security-code-review skill to audit the pull request URL and produce a per-category PASS/WARNING/FAIL report with remediation recommendations.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install it automatically. Copy the text below and paste it into Claude Code.

Please help me install this Skill:
Name: nemoclaw-maintainer-security-code-review
Download link: https://github.com/NVIDIA/NemoClaw/archive/main.zip#nemoclaw-maintainer-security-code-review

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.