Security Reviewer — for Claude Code Security Reviewer, cahier, community, for Claude Code, ide skills, calm-technology, claude-code, claude-opus-4-7, hackathon, health

v1.0.0
GitHub

关于此技能

适用场景: Ideal for AI agents that need read docs/compound/research/security/overview.md for severity classification and escalation triggers. 本地化技能摘要: A calm-tech health app — one concept a day, every claim cited. It covers calm-technology, claude, claude-code workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

功能特性

Read docs/compound/research/security/overview.md for severity classification and escalation triggers
Read all changed files completely, focusing on:
Input handling and data flow to interpreters (SQL, shell, HTML, templates)
Secrets and credential management
Authentication and authorization enforcement

# 核心主题

for Claude Code calm-technology claude-code claude-opus-4-7 hackathon health
Nathandela Nathandela
[0]
[0]
更新于: 4/26/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 10/11

This page remains useful for teams, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution Quality floor passed for review
Review Score
10/11
Quality Score
60
Canonical Locale
en
Detected Body Locale
en

适用场景: Ideal for AI agents that need read docs/compound/research/security/overview.md for severity classification and escalation triggers. 本地化技能摘要: A calm-tech health app — one concept a day, every claim cited. It covers calm-technology, claude, claude-code workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

核心价值

推荐说明: Security Reviewer helps agents read docs/compound/research/security/overview.md for severity classification and escalation triggers. A calm-tech health app — one concept a day, every claim cited. This AI agent

适用 Agent 类型

适用场景: Ideal for AI agents that need read docs/compound/research/security/overview.md for severity classification and escalation triggers.

赋予的主要能力 · Security Reviewer

适用任务: Applying Read docs/compound/research/security/overview.md for severity classification and escalation triggers
适用任务: Applying Read all changed files completely, focusing on:
适用任务: Applying Input handling and data flow to interpreters (SQL, shell, HTML, templates)

! 使用限制与门槛

  • 限制说明: P1 : Authenticated exploit, limited data breach, missing auth on sensitive routes (requires ack)
  • 限制说明: P0 (BLOCKS MERGE): Must fix before merge, no exceptions
  • 限制说明: P1 (REQUIRES ACK): Must acknowledge or fix before merge

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

评审后的下一步

先决定动作,再继续看上游仓库材料

Killer-Skills 的主价值不应该停在“帮你打开仓库说明”,而是先帮你判断这项技能是否值得安装、是否应该回到可信集合复核,以及是否已经进入工作流落地阶段。

安装路径

先进入安装与验证

如果这项技能值得继续,下一步应该先确认安装命令、CLI 写入路径与环境验证。
可信复核

回到可信合集再做一次复核

如果你还在比较不同技能或供应方,先回到可信合集做二次判断,而不是继续放大仓库噪音。
工作流

如果要进团队流转,转到工作流集合

当你的目标已经不是单个技能,而是团队协作、审批和可重复执行,就应该转到工作流合集继续比较。
实验室 Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

常见问题与安装步骤

以下问题与步骤与页面结构化数据保持一致,便于搜索引擎理解页面内容。

? FAQ

Security Reviewer 是什么?

适用场景: Ideal for AI agents that need read docs/compound/research/security/overview.md for severity classification and escalation triggers. 本地化技能摘要: A calm-tech health app — one concept a day, every claim cited. It covers calm-technology, claude, claude-code workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

如何安装 Security Reviewer?

运行命令:npx killer-skills add Nathandela/cahier/Security Reviewer。支持 Cursor、Windsurf、VS Code、Claude Code 等 19+ IDE/Agent。

Security Reviewer 适用于哪些场景?

典型场景包括:适用任务: Applying Read docs/compound/research/security/overview.md for severity classification and escalation triggers、适用任务: Applying Read all changed files completely, focusing on:、适用任务: Applying Input handling and data flow to interpreters (SQL, shell, HTML, templates)。

Security Reviewer 支持哪些 IDE 或 Agent?

该技能兼容 Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer。可使用 Killer-Skills CLI 一条命令通用安装。

Security Reviewer 有哪些限制?

限制说明: P1 : Authenticated exploit, limited data breach, missing auth on sensitive routes (requires ack);限制说明: P0 (BLOCKS MERGE): Must fix before merge, no exceptions;限制说明: P1 (REQUIRES ACK): Must acknowledge or fix before merge。

安装步骤

  1. 1. 打开终端

    在你的项目目录中打开终端或命令行。

  2. 2. 执行安装命令

    运行:npx killer-skills add Nathandela/cahier/Security Reviewer。CLI 会自动识别 IDE 或 AI Agent 并完成配置。

  3. 3. 开始使用技能

    Security Reviewer 已启用,可立即在当前项目中调用。

! 参考页模式

此页面仍可作为安装与查阅参考,但 Killer-Skills 不再把它视为主要可索引落地页。请优先阅读上方评审结论,再决定是否继续查看上游仓库说明。

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

Security Reviewer

A calm-tech health app — one concept a day, every claim cited. It covers calm-technology, claude, claude-code workflows. This AI agent skill supports Claude

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence

Security Reviewer

Role

Mandatory core-4 reviewer responsible for identifying security vulnerabilities using P0-P3 severity classification. Has authority to escalate findings to specialist security skills for deep analysis.

Instructions

  1. Read docs/compound/research/security/overview.md for severity classification and escalation triggers
  2. Read all changed files completely, focusing on:
    • Input handling and data flow to interpreters (SQL, shell, HTML, templates)
    • Secrets and credential management
    • Authentication and authorization enforcement
    • Logging and error handling for data exposure
    • Dependency changes in lockfiles or manifests
  3. Classify each finding using P0-P3 severity:
    • P0: Unauthenticated RCE, credential compromise, unauth data access (blocks merge)
    • P1: Authenticated exploit, limited data breach, missing auth on sensitive routes (requires ack)
    • P2: Medium impact, harder to exploit, missing hardening (should fix)
    • P3: Best practice, defense in depth, code hygiene (nice to have)
  4. Escalate to specialist skills when deep analysis needed:
    • SQL/command concat or template interpolation -> /security-injection
    • Hardcoded strings matching key patterns, committed .env files -> /security-secrets
    • Route handlers missing auth middleware, IDOR patterns -> /security-auth
    • Logging calls with request objects, verbose error responses -> /security-data
    • Lockfile changes, new dependencies, postinstall scripts -> /security-deps
  5. For large diffs, spawn opus subagents to review different file groups in parallel. Merge findings and deduplicate.

Literature

  • Consult docs/compound/research/security/overview.md for severity classification and OWASP mapping
  • Consult docs/compound/research/security/injection-patterns.md for injection detection heuristics
  • Consult docs/compound/research/security/secrets-checklist.md for secret format patterns
  • Consult docs/compound/research/security/auth-patterns.md for auth/authz audit methodology
  • Consult docs/compound/research/security/data-exposure.md for data leak detection
  • Consult docs/compound/research/security/dependency-security.md for dependency risk assessment
  • Consult docs/compound/research/security/secure-coding-failure.md for full theoretical foundation
  • Run ca knowledge "security review OWASP" for indexed security knowledge

Collaboration

Share cross-cutting findings via SendMessage: security issues impacting architecture go to architecture-reviewer; secrets in test fixtures go to test-coverage-reviewer. Escalate to specialist skills via SendMessage when deep analysis needed.

Deployment

AgentTeam member in the review phase. Spawned via TeamCreate. Communicate with teammates via SendMessage.

Output Format

Return findings classified by severity:

  • P0 (BLOCKS MERGE): Must fix before merge, no exceptions
  • P1 (REQUIRES ACK): Must acknowledge or fix before merge
  • P2 (SHOULD FIX): Should fix, create beads issue if deferred
  • P3 (NICE TO HAVE): Best practice suggestion, non-blocking

If no findings at any severity: return "SECURITY REVIEW: CLEAR -- No findings at any severity level."

相关技能

寻找 Security Reviewer 的替代方案 (Alternative) 或可搭配使用的同类 community Skill?探索以下相关开源技能。

查看全部

openclaw-release-maintainer

Logo of openclaw
openclaw

本地化技能摘要: 🦞 # OpenClaw Release Maintainer Use this skill for release and publish-time workflow. It covers ai, assistant, crustacean workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

333.8k
0
AI

widget-generator

Logo of f
f

本地化技能摘要: Generate customizable widget plugins for the prompts.chat feed system # Widget Generator Skill This skill guides creation of widget plugins for prompts.chat . It covers ai, artificial-intelligence, awesome-list workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf

149.6k
0
AI

flags

Logo of vercel
vercel

本地化技能摘要: The React Framework # Feature Flags Use this skill when adding or changing framework feature flags in Next.js internals. It covers blog, browser, compiler workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

138.4k
0
浏览器

pr-review

Logo of pytorch
pytorch

本地化技能摘要: Usage Modes No Argument If the user invokes /pr-review with no arguments, do not perform a review . It covers autograd, deep-learning, gpu workflows. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

98.6k
0
开发者工具