security-review

security-guidance Plugin, natural language: "安全审查当前变更" ("security review of the current changes")

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "security-review" with this command: npx skills add wenjunduan/rlues/wenjunduan-rlues-security-review

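Trigger

The T stage of Path C+.

Tools

Tool, Invocation

security-guidance Plugin, natural language: "安全审查当前变更" ("security review of the current changes")

security-auditor agent sub-agent (background), started automatically by Path C+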

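Checklist (VibeCoding supplement)

  • No hardcoded keys/tokens/passwords

  • SQL queries are parameterized (no string concatenation)

  • User input is protected against XSS

  • API endpoints have authentication/authorization checks

  • Sensitive data does not appear in logs

  • Dependencies have no known vulnerabilities (npm audit)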

Output

After cunzhi [SECURITY_PASSED] confirmation, write to verified.md.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
