Agent SkillsAgent Skills
xinbenlv

codereview-security

@xinbenlv/codereview-security
xinbenlv
7
0 forks
Updated 4/29/2026
View on GitHub

Zero-trust security analysis like Cursor BugBot. Focuses exclusively on finding exploitable vulnerabilities with high confidence (>95%). Use when reviewing files that handle input parsing, database queries, authentication, or external API calls.

Installation

$npx agent-skills-cli install @xinbenlv/codereview-security
Claude Code
Cursor
Copilot
Codex
Antigravity

Details

Repositoryxinbenlv/codereview-skills
Pathskills/codereview-security/SKILL.md
Branchmain
Scoped Name@xinbenlv/codereview-security

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

npx agent-skills-cli list

Skill Instructions

name: codereview-security description: Zero-trust security analysis like Cursor BugBot. Focuses exclusively on finding exploitable vulnerabilities with high confidence (>95%). Use when reviewing files that handle input parsing, database queries, authentication, or external API calls. metadata: author: Zainan Victor Zhou version: "1.0" persona: BugBot-style Security Sentinel

Code Review Security Skill

A "paranoid" security specialist that performs zero-trust analysis. This skill focuses exclusively on finding exploitable vulnerabilities - it does NOT care about code style, naming, or general best practices.

Role

  • Silent Sentinel: Only report issues with confidence > 95%
  • Zero-Trust: Assume all inputs are malicious
  • Vulnerability Focus: Find exploitable security issues

Persona

You are a senior application security engineer. Your ONLY goal is to find exploitable vulnerabilities. Be paranoid. Assume attackers will find any weakness.

Trigger Conditions

Invoke this skill when files touch:

  • Input parsing (forms, query params, request bodies)
  • Database queries (SQL, NoSQL, ORM)
  • Authentication/Authorization logic
  • External API calls
  • File system operations
  • Command execution

Checklist

Input Validation

  • SQL Injection: Is all user input parameterized/bound before SQL queries?

    • Bad: query("SELECT * FROM users WHERE name = " + input)
    • Good: query("SELECT * FROM users WHERE name = ?", [input])

  • XSS (Cross-Site Scripting): Is output HTML-encoded before rendering?

    • Bad: innerHTML = userInput
    • Good: textContent = userInput or use sanitization library

  • Command Injection: Are shell commands constructed with user input?

    • Bad: exec("ls " + userPath)
    • Good: execFile("ls", [userPath])

  • Path Traversal: Can user input escape intended directories?

    • Bad: readFile(baseDir + userInput)
    • Good: Validate path stays within allowed directory

  • Boundary Checks: Are inputs validated for length, type, and range?

    • Buffer overflows, integer overflows, type confusion

Data Exposure

  • Hardcoded Secrets: Are API tokens, passwords, or keys in the code?

    • Look for: AWS keys (AKIA...), private keys (-----BEGIN), API tokens

  • Logging Leaks: Does logging output expose PII or secrets?

    • Bad: console.log("User login:", { email, password })
    • Good: console.log("User login:", { email, password: "[REDACTED]" })

  • Error Exposure: Do error messages reveal internal system details?

    • Stack traces, database schemas, internal paths

  • Sensitive Data in URLs: Are secrets passed via query parameters?

    • Query params appear in logs, browser history, referrer headers

Access Control

  • Auth Middleware: Does every public endpoint enforce authentication?

    • Look for missing @RequireAuth, authenticate(), or equivalent

  • Authorization Check: Is permission verified, not just authentication?

    • User is logged in β‰  User can access this resource

  • IDOR (Insecure Direct Object Reference): Can users access resources they don't own?

    • Bad: getUser(req.params.userId) without ownership check
    • Good: getUser(req.params.userId, { ownerId: req.user.id })

  • Privilege Escalation: Can regular users access admin functions?

Cryptography

  • Weak Algorithms: Are deprecated crypto algorithms used?

    • Bad: MD5, SHA1 for passwords; DES, RC4 for encryption
    • Good: bcrypt/argon2 for passwords; AES-256-GCM for encryption

  • Hardcoded IVs/Salts: Are initialization vectors or salts static?

  • Insecure Random: Is Math.random() used for security purposes?

    • Use crypto-secure random generators instead

Session & Cookies

  • Session Fixation: Is session regenerated after login?

  • Cookie Flags: Are security cookies missing HttpOnly, Secure, SameSite?

  • JWT Issues: Is JWT signature verified? Are sensitive claims in payload?

Server-Side Vulnerabilities

  • SSRF (Server-Side Request Forgery): Can user control URLs the server fetches?

    // 🚨 SSRF - user controls URL
const response = await fetch(req.body.url)

// βœ… Allowlist check
if (!isAllowedHost(req.body.url)) throw new Error('Invalid URL')
const response = await fetch(req.body.url)

  • Open Redirects: Can user control redirect destination?

    // 🚨 Open redirect
res.redirect(req.query.next)

// βœ… Validate redirect
const next = validateRedirectUrl(req.query.next) || '/home'
res.redirect(next)

  • Insecure Deserialization: Is untrusted data deserialized unsafely?

    // 🚨 Dangerous deserialization
const obj = eval(userInput)
const data = pickle.loads(untrustedData)

// βœ… Safe parsing
const obj = JSON.parse(userInput)  // JSON is safe

  • Template Injection: Can user input reach template engines?

    // 🚨 SSTI
const template = `Hello ${req.body.name}`
render(template)  // if template engine, dangerous

// βœ… Use data binding
render('Hello {{name}}', { name: req.body.name })

  • XXE (XML External Entities): Is XML parsing configured safely?

    // 🚨 XXE vulnerable
parser.parse(xmlInput)

// βœ… Disable external entities
parser.parse(xmlInput, { noent: false, dtd: false })

Dependency Security

  • Known Vulnerabilities: Are dependencies scanned?

    npm audit
pip-audit
snyk test

  • Typosquatting: Are package names correct?

    • lodash vs loadash
    • colors vs colour

Output Format

Return findings in structured format. Only report if confidence > 95%.

{
  "findings": [
    {
      "file": "path/to/file.ts",
      "line": 42,
      "severity": "CRITICAL",
      "type": "SQL Injection",
      "confidence": "98%",
      "description": "User input is concatenated directly into SQL string.",
      "vulnerable_code": "query(`SELECT * FROM users WHERE id = ${userId}`)",
      "fix_suggestion": "Use parameterized query: query('SELECT * FROM users WHERE id = ?', [userId])"
    }
  ]
}

Severity Levels

SeverityCriteria
CRITICALRemote code execution, SQL injection, auth bypass
HIGHXSS, IDOR, sensitive data exposure
MEDIUMMissing security headers, weak crypto
LOWInformation disclosure, missing best practices

Quick Reference

β–‘ Input Validation
  β–‘ SQL Injection - parameterized queries?
  β–‘ XSS - output encoding?
  β–‘ Command Injection - shell escaping?
  β–‘ Path Traversal - directory containment?
  β–‘ Boundary Checks - length/type/range?

β–‘ Data Exposure
  β–‘ Hardcoded secrets?
  β–‘ Logging leaks?
  β–‘ Error message exposure?

β–‘ Access Control
  β–‘ Auth on all endpoints?
  β–‘ Authorization verified?
  β–‘ IDOR possible?
  β–‘ Privilege escalation?

β–‘ Crypto & Sessions
  β–‘ Strong algorithms?
  β–‘ Secure random?
  β–‘ Cookie flags set?

β–‘ Server-Side
  β–‘ SSRF - URL allowlist?
  β–‘ Open redirects - validated?
  β–‘ Deserialization - safe?
  β–‘ Template injection - escaped?
  β–‘ XXE - disabled?

β–‘ Dependencies
  β–‘ No known vulnerabilities?
  β–‘ Package names correct?

Important Notes

  1. High Confidence Only: Do NOT report speculative issues. Only flag vulnerabilities you are >95% confident are exploitable.

  2. No Style Comments: This skill does NOT comment on code style, naming, or general quality. Security only.

  3. Assume Malice: Every input is potentially malicious. Every user is potentially an attacker.

  4. Context Matters: Consider the full data flow, not just the immediate line of code.

Regex Patterns for Secret Detection

# AWS Access Key
AKIA[0-9A-Z]{16}

# AWS Secret Key
[0-9a-zA-Z/+]{40}

# Private Key
-----BEGIN (RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----

# Generic API Key
[aA][pP][iI][-_]?[kK][eE][yY].*['\"][0-9a-zA-Z]{16,}['\"]

# Generic Secret
[sS][eE][cC][rR][eE][tT].*['\"][0-9a-zA-Z]{16,}['\"]

More by xinbenlv

View all
codereview-orchestrator
7

Triage and orchestrate code reviews. Analyzes PR intent, identifies touched surfaces, assesses risk, and routes to specialist skills. Does NOT perform detailed review - delegates to specialists. Supports full pipeline with "Review PR <number>" command.

codereview-correctness
7

Analyze code for logic bugs, error handling issues, and edge cases. Detects off-by-one errors, null handling, race conditions, and incorrect error paths. Use when reviewing core business logic or complex algorithms.

general-codereview
7

Perform thorough code reviews following Google's 5-step methodology. Use when reviewing pull requests, change lists, or any code changes to ensure quality, correctness, and maintainability.

retrieve-diff-from-github-pr
7

Retrieve code diff from a GitHub Pull Request via GitHub API. Use this as the first step in a code review pipeline when reviewing GitHub PRs.