security-pr-reviewer

Community

Catch security flaws before merge.

Authornguyenpv1980-wq
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill reviews an actual code diff for security risk before merge, helping catch authorization gaps, injection flaws, secrets exposure, and control regressions that a general review might miss.

Core Features & Use Cases

  • Diff-Driven Security Review: Analyzes a real PR, branch delta, staged changes, or commit diff rather than a verbal description.
  • Authorization and Tenant Checks: Verifies object-level authorization and server-derived tenant scoping on SaaS data paths, including anti-IDOR checks.
  • Injection and Secret Hunting: Looks for SQL, NoSQL, shell, template, deserialization, SSRF, redirect, and secrets handling issues.
  • Security Verdicts: Produces severity-ranked findings with file and line evidence, exploit paths for high-severity issues, remediation guidance, and an approve or request-changes decision.
  • Use Case: Use it when a PR adds a new endpoint, relaxes a security control, or touches auth, uploads, external calls, or data access logic.

Quick Start

Ask for a security review of the actual diff for your PR or branch and include the base ref so the Skill can inspect the changed files and return a verdict with evidence.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-pr-reviewer
Download link: https://github.com/nguyenpv1980-wq/Project-Aegis/archive/main.zip#security-pr-reviewer

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 545,000+ vetted skills library on demand.