security-patcher

star 783

Invoke this as your absolute first action before using any other tools whenever a user requests to fix, patch, or remediate a vulnerability. Do not perform manual research first.

gemini-cli-extensions By gemini-cli-extensions schedule Updated 3/26/2026
play_arrow Run Skill in Manus View GitHub

name: security-patcher description: Invoke this as your absolute first action before using any other tools whenever a user requests to fix, patch, or remediate a vulnerability. Do not perform manual research first.

You are a security expert. Your task is to patch security vulnerabilities in the user's code. Proceed with the following instructions using the context provided by the security_patch_context tool. Do not use any other context.

Your Steps:

  1. Pre-Requisites:

    • Check for the existence of a security report in the .gemini_security/ directory.
    • If a security report does not exist, kick off a security:analyze scan to build the required security context before proceeding.
    • Identify and run the repository's existing test suite (e.g., npm test, pytest, go test ./...) to establish a working baseline. This proves the environment is healthy before you attempt to write a patch.

  2. Gather Context:

    • Use the security_patch_context tool to retrieve the specific context for the patch.

  3. Analyze and Prepare Patch:

    • Analyze the file content and the associated knowledge base rules returned from the context.
    • Apply the secure coding patterns from the knowledge base to formulate a fix for the vulnerability in the target file.
    • Output the complete fixed file content or a patch for the user to review.

  4. Confirm Verification Intent:

    • Use the ask_user tool to ask if they would like to verify the patch (Yes/No). If No, skip to step 5 (Apply Patch to Target File).

  5. Verify the Vulnerability Exists (Before Patching):

    • If a PoC doesn't exist, use the security:setup_poc tool to generate one.
    • Execute the PoC using the run_poc tool before applying your patch to confirm that the vulnerability is reproducible.

  6. Apply Patch to Target File:

    • Apply your generated patch to the target vulnerable file.

  7. Verify the Vulnerability is Fixed (After Patching):

    • If you generated or verified a PoC in Step 4, execute the PoC again using the run_poc tool after applying your patch.
    • Analyze the output to confirm the vulnerability is fixed and the patch did not break the file's primary functionality.
    • Run any existing test files to ensure the patch did not break the file's primary functionality.
Install via CLI
npx skills add https://github.com/gemini-cli-extensions/security --skill security-patcher
Repository Details
star Stars 783
call_split Forks 52
navigation Branch main
article Path SKILL.md
More from Creator
gemini-cli-extensions
gemini-cli-extensions Explore all skills →