security-pr-reviewer
CommunityCatch security flaws before merge.
Software Engineering#diff analysis#pull request#injection#security review#secrets#tenant isolation#authz
Authornguyenpv1980-wq
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill reviews an actual code diff for security risk before merge, helping catch authorization gaps, injection flaws, secrets exposure, and control regressions that a general review might miss.
Core Features & Use Cases
- Diff-Driven Security Review: Analyzes a real PR, branch delta, staged changes, or commit diff rather than a verbal description.
- Authorization and Tenant Checks: Verifies object-level authorization and server-derived tenant scoping on SaaS data paths, including anti-IDOR checks.
- Injection and Secret Hunting: Looks for SQL, NoSQL, shell, template, deserialization, SSRF, redirect, and secrets handling issues.
- Security Verdicts: Produces severity-ranked findings with file and line evidence, exploit paths for high-severity issues, remediation guidance, and an approve or request-changes decision.
- Use Case: Use it when a PR adds a new endpoint, relaxes a security control, or touches auth, uploads, external calls, or data access logic.
Quick Start
Ask for a security review of the actual diff for your PR or branch and include the base ref so the Skill can inspect the changed files and return a verdict with evidence.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-pr-reviewer Download link: https://github.com/nguyenpv1980-wq/Project-Aegis/archive/main.zip#security-pr-reviewer Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 545,000+ vetted skills library on demand.