security-review

star 408

Run a focused STRIDE-based security review using Bug Hunter-native artifacts. Use whenever the user asks for a full security audit, repository security review, weekly security scan, PR security review with deeper validation, or wants dependency CVEs and threat-model context combined into one workflow.

codexstar69 By codexstar69 schedule Updated 3/12/2026
play_arrow Run Skill in Manus View GitHub

name: security-review description: Run a focused STRIDE-based security review using Bug Hunter-native artifacts. Use whenever the user asks for a full security audit, repository security review, weekly security scan, PR security review with deeper validation, or wants dependency CVEs and threat-model context combined into one workflow.

Security Review

This is a bundled local Bug Hunter companion skill. It packages a security-focused review workflow without introducing any external marketplace dependency.

Purpose

Use this skill for deeper security audits than a simple bug hunt, especially when the user wants:

  • a full security review
  • PR security validation
  • weekly security scanning
  • dependency reachability + code review together
  • threat-model-driven analysis

Workflow

  1. Ensure .bug-hunter/threat-model.md exists.

    • If missing, invoke the bundled threat-model-generation skill.

  2. Determine the scan mode from the request:

    • PR → diff-scoped review via commit-security-scan
    • staged → staged-only security review
    • weekly → recent commit range on the default branch
    • full → full repository security audit

  3. If dependency scanning is relevant, run:

    • node scripts/dep-scan.cjs --target <path> --output .bug-hunter/dep-findings.json

  4. Scan code for STRIDE threats using Bug Hunter-native conventions. Reuse:

    • .bug-hunter/triage.json
    • .bug-hunter/threat-model.md
    • .bug-hunter/security-config.json
    • .bug-hunter/dep-findings.json

  5. Validate severe findings using the bundled vulnerability-validation skill.

  6. Produce structured outputs compatible with the Bug Hunter pipeline.

Outputs

Primary artifacts should stay inside .bug-hunter/:

  • .bug-hunter/findings.json
  • .bug-hunter/referee.json
  • .bug-hunter/report.md
  • .bug-hunter/dep-findings.json when dependency review is enabled
  • .bug-hunter/fix-strategy.json if the user wants remediation planning

Important constraints

  • Keep all paths Bug Hunter-native; do not emit .factory/* artifacts.
  • Prefer validated, exploitability-aware findings over raw volume.
  • For patching requests, hand findings back to the normal Bug Hunter fix pipeline rather than inventing a second patch system.
Install via CLI
npx skills add https://github.com/codexstar69/bug-hunter --skill security-review
Repository Details
star Stars 408
call_split Forks 47
navigation Branch main
article Path SKILL.md
More from Creator
codexstar69
codexstar69 Explore all skills →