Code Security Review

Trust Score 84/100

Three-phase code security audit: broad audit, false-positive filtering, and a concise report with prioritized fixes and confidence-scored findings.

triggers:security reviewvulnerability scancode securitysecurity auditfilter findings

GitHub SKILL.md

What it does

Code Security Review runs a disciplined three-phase process: Phase 1 (Audit) collects candidate findings across the codebase; Phase 2 (Filter) applies hard exclusion patterns and AI-guided filtering rules to remove false positives; Phase 3 (Report) outputs a filter table plus detailed, confidence-scored findings with remediation steps.

When to use it

Use when you need a security audit, vulnerability scan, or code-level review for injection risks, auth bypasses, secrets, XSS, or other vulnerabilities. Appropriate before releases, audits, or when security concerns are raised. Not intended for non-security linting.

What's included

Scripts: none bundled (has_scripts=false) — uses resource files in repo (audit-prompt, filtering rules, exclusion lists)
References: filtering rules and exclusion patterns expected in repo resources (has_references=false flag in fetch)
Instructions: exact Phase 1/2/3 process, required resource files, confidence thresholds (KEEP if confidence >=7), and reporting templates.

Compatible agents

Inferred compatible agents: Claude Code, agent frameworks that support reading resource files and structured three-phase workflows.

Audit Summary

A three-phase code security review skill (audit → filter → report) with no bundled scripts. SKILL.md is well-structured with clear phases, checkpoints, severity references, and a confidence-scoring system for filtering false positives. Purely instructional — the agent reads resource files and follows a defined workflow. No executable code to test.

Watch Out

References resource files (resources/audit-prompt.md etc.) that aren't bundled in the skill — agent must have access to the repo
No scripts included, so effectiveness depends entirely on the agent's ability to follow the multi-phase workflow

Notes

Clean skill with no security concerns. Well-organized three-phase process. Confidence scoring and hard exclusion patterns are thoughtful additions. Resources referenced by relative path which may not resolve if skill is used outside its repo context.

Information

Repository: claude-code-security-skills
Stars: 12
Installs: 0

Trust Score

Overall84

Security93

Code Quality78

Architecture72

Usefulness65

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

OpenTestAI

Automated, high-confidence AI testing: bug detection, persona feedback, and prioritized test-case generation using many specialized tester profiles.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Minimal Run & Audit (repro reporting)

Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r

Skill Issue — Skill Auditor

Scan and audit installed agent skills to produce a health report covering inventory, usage, dependency checks, version status, and actionable recommendations.

GRC & Compliance (ServiceNow)

Guides Governance, Risk & Compliance (GRC) work in ServiceNow: policies, controls, risk records, audits and ES5 script examples for automating GRC workflows.

Code Spec Backfill

Identify missing function-level contracts and backfill docstrings and type annotations; report ambiguous gaps with misuse scenarios. Incremental, state-driven w

Back to Skills