security review AI Agent Skills
Browse 148 skills related to security review
find-bugs
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
find-bugs
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
security-review
Run a comprehensive security review on code
audit-prep-assistant
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
security-reviewer
Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews.
security-best-practices
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.
aws-advisor
Expert AWS Cloud Advisor for architecture design, security review, and implementation guidance. Leverages AWS MCP tools for accurate, documentation-backed answers. Use when user asks about AWS architecture, security, service selection, migrations, troubleshooting, or learning AWS. Triggers on AWS, Lambda, S3, EC2, ECS, EKS, DynamoDB, RDS, CloudFormation, CDK, Terraform, Serverless, SAM, IAM, VPC, API Gateway, or any AWS service.
plugin-auditor
Automatically audits Claude Code plugins for security vulnerabilities, best practices, CLAUDE.md compliance, and quality standards when user mentions audit plugin, security review, or best practices check. Specific to claude-code-plugins repository standards.
cursor-compliance-audit
Execute compliance and security auditing for Cursor usage. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr". Use when analyzing or auditing cursor compliance audit. Trigger with phrases like "cursor compliance audit", "cursor audit", "cursor".
klingai-compliance-review
Execute conduct compliance reviews for Kling AI integrations. Use when preparing for audits, ensuring regulatory compliance, or reviewing security posture. Trigger with phrases like 'klingai compliance', 'kling ai audit prep', 'klingai security review', 'video generation compliance'.
openrouter-compliance-review
Execute conduct security and compliance review of OpenRouter integration. Use when preparing for audits or security assessments. Trigger with phrases like 'openrouter security review', 'openrouter compliance', 'openrouter audit', 'security assessment'.
k8s-security
Audit Kubernetes RBAC, enforce policies, and manage secrets. Use for security reviews, permission audits, policy enforcement with Kyverno/Gatekeeper, and secret management.
django-access-review
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user authorization. Trigger keywords: "IDOR", "access control", "authorization", "Django permissions", "object permissions", "tenant isolation", "broken access".
security-review
Security code review for vulnerabilities. Use when asked to "security review", "find vulnerabilities", "check for security issues", "audit security", "OWASP review", or review code for injection, XSS, authentication, authorization, cryptography issues. Provides systematic review with confidence-based reporting.
find-bugs
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
convex-security-audit
Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations
firebase-development-validate
This skill should be used when reviewing Firebase code against security model and best practices. Triggers on "review firebase", "check firebase", "validate", "audit firebase", "security review", "look at firebase code". Validates configuration, rules, architecture, and security.
security-audit
Security review or audit of code, architecture, or infrastructure - Threat modeling sessions - Reviewing PRs for security implications
review
Review code quality, security, and maintainability before committing. Use when reviewing code changes, checking code quality, performing security review, or validating changes before commit.
security-audit-example
Example security audit skill demonstrating how to audit code for security vulnerabilities. Use when the user asks to perform security reviews, check for vulnerabilities, or audit code security.
TypeScript Security Review
Provides a comprehensive security review capability for TypeScript and Node.js applications. It validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use this when performing security audits, before deployment, when reviewing authentication/authorization implementations, or when ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
owasp-security
Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.
smart-contract-security-review
Security review for Scalus/Cardano smart contracts. Analyzes @Compile annotated validators for vulnerabilities like redirect attacks, inexact value validation, missing token verification, integer overflow, and self-dealing. Use when reviewing on-chain code, before deploying validators, or when /security-review is invoked. Requires explicit path argument.
improve-pr
Comprehensive PR analysis with security review, code quality assessment, and automatic improvements. Use when reviewing PRs for security issues, performance optimizations, or best practices violations. Provides multi-dimensional analysis with safe auto-apply options.
sec-context-depth
Comprehensive AI code security review using 27 sec-context anti-patterns. Use for code review when security vulnerabilities are suspected, especially for AI-generated code.
security
Security audits, vulnerability detection, and secure coding. Use for security reviews, auth implementation, or OWASP compliance.
optimization-phase
Validates production readiness through performance benchmarking, accessibility audits, security reviews, and code quality checks. Use after implementation phase completes, before deployment, or when conducting quality gates for features. (project)
security
Security review and guidance for iOS, macOS, and watchOS apps. Covers secure storage, biometric authentication, network security, and platform-specific patterns. Use when implementing security features or reviewing code for vulnerabilities.
security-audit
Comprehensive security code audit using multi-phase analysis (Assessment → STRIDE Threat Modeling → Code Review → Report). Use when asked to perform security review, vulnerability assessment, code audit, pentest code review, find security bugs, or analyze code for vulnerabilities. Optimized for bug bounty hunting with concrete evidence and exploitability validation.
solidity-security-review
Smart contract security review methodology. Use when auditing Solidity code, analyzing vulnerabilities, or verifying security findings.
bmad-security-review
Hardens designs and implementations with structured security reviews.
security-review
Security review via Codex MCP. Use when: OWASP Top 10 audit, dependency vulnerability check, security-sensitive changes. Not for: code review (use codex-code-review), test review (use test-review). Output: security findings + audit report.
security
Security best practices for secure coding, authentication, authorization, and data protection. Use when developing features that handle sensitive data, user authentication, or require security review.
code-quality
Use this skill for code review, testing, refactoring, and optimization. Activates for security review, test generation, performance analysis, and code cleanup tasks.
zz-code-recon
Deep architectural context building for security audits. Use when conducting security reviews, building codebase understanding, mapping trust boundaries, or preparing for vulnerability analysis. Inspired by Trail of Bits methodology.
equilateral-agents
22 production-ready AI agents with database-driven orchestration for security reviews, code quality analysis, deployment validation, infrastructure checks, and compliance. Auto-activates for security concerns, deployment tasks, code reviews, quality checks, and compliance questions. Includes upgrade paths to enterprise features (GDPR, HIPAA, multi-account AWS, ML-based optimization).
claude-tob-review
Trail of Bits security skills analysis for Solidity contracts. Use for deep smart contract security review with invariant suggestions.
redteam
Red team adversarial analysis to find weaknesses, vulnerabilities, and failure modes. Use before launches, for security review, or when a plan feels too perfect.
security-review-construction
Security review checklist for construction software systems. Use when building integrations, APIs, data pipelines, or dashboards for construction projects.
security-checklist
Pre-deployment security audit for web applications. Use when reviewing code before shipping, auditing an existing application, or when users mention "security review," "ready to deploy," "going to production," or express concern about vulnerabilities. Covers authentication, input validation, secrets management, database security, and compliance basics.
dev_invoke_kimi-cli
Delegate testing, QA, and code review tasks to Opencode CLI using Kimi K2.5 model via markdown file handoff. Write test request to TASK.md, Opencode with Kimi K2.5 generates tests/reviews, outputs to OUTPUT.md. Use for test generation, QA verification, edge case detection, code coverage analysis, security reviews. Triggers: kimi, kimi k2.5, kimi cli, opencode kimi, test generation, QA, quality assurance, code review, unit tests, integration tests, edge cases, test coverage, testing, kimisubagent, togetherai kimi, opencode/kimi-k2.5-free, togetherai/moonshotai/Kimi-K2.5 Prerequisites: Opencode CLI installed, Together.ai API key (if using togetherai provider) Models: opencode/kimi-k2.5-free (recommended), togetherai/moonshotai/Kimi-K2.5 (alternative)
security-auditor
Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings, API keys), SAST for injection/XSS vulnerabilities, and security posture reports. Activate on 'security audit', 'vulnerability scan', 'OWASP', 'secret detection', 'dependency check', 'CVE', 'security review', 'penetration testing prep'. NOT for runtime WAF configuration (use infrastructure tools), network security/firewalls, or compliance certifications like SOC2/HIPAA (legal/organizational).
Convex Security Audit
Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations
security-threat-model
Use when designing or reviewing systems handling sensitive data (PII, PHI, financial, auth credentials), building features with security implications (auth, payments, file uploads, APIs), preparing for security audits or compliance (PCI, HIPAA, SOC 2), investigating security incidents, integrating third-party services, or when user mentions "threat model", "security architecture", "STRIDE", "trust boundaries", "attack surface", or "security review".
security-review
Security-focused code review with attack surface mapping and risk classification. Use when reviewing PRs for security, auditing code changes, or analyzing potential vulnerabilities. Triggers on: 'security review', 'use security mode', 'audit this', 'check for vulnerabilities', 'is this secure', 'attack surface', 'threat model', 'security check'. Read-only mode - identifies issues but doesn't fix them.
code-reviewer
Code review specialist for quality standards, design patterns, security review, and constructive feedbackUse when "code review, pull request, PR review, code quality, refactor, technical debt, design pattern, best practice, code-review, quality, patterns, security, refactoring, best-practices, pull-request, review, ml-memory" mentioned.
smart-contract-auditor
Elite security researcher who hunts vulnerabilities in smart contracts. Has found critical bugs worth millions in TVL. Specializes in reentrancy, access control, oracle manipulation, and economic exploits across EVM and Solana. Use when "audit, security review, vulnerability, exploit, reentrancy, access control, oracle manipulation, flash loan attack, smart contract security, slither, mythril, formal verification, invariant testing, security, audit, smart-contracts, solidity, vulnerabilities, defi, exploits, reentrancy, access-control, oracle-manipulation" mentioned.
Security
Security review skill: a comprehensive security checklist and patterns. Use when adding authentication, handling user input, working with secrets, or creating API endpoints.