s6-security-review


Run a security-focused code review identifying vulnerabilities

By pgagarinov, updated 2/10/2026

---
name: s6-security-review
description: Run a security-focused code review identifying vulnerabilities
context: fork
agent: a1-security-reviewer
argument-hint: "[file-or-directory]"
---

S6 — Security Review

Perform a security-focused review of: $ARGUMENTS

If no target is specified, review the entire codebase.

Review Checklist

Critical — Check for These First

  1. Hardcoded Secrets: API keys, tokens, passwords in source code
  2. Injection Vulnerabilities: SQL injection, command injection, code injection
  3. Insecure Authentication: Weak comparison, missing rate limiting, plain-text passwords
  4. Input Validation Gaps: Unvalidated user input passed to sensitive operations

High Priority

  1. Unsafe Deserialization: pickle.loads, yaml.load without SafeLoader
  2. Path Traversal: User input in file paths without sanitization
  3. Information Disclosure: Stack traces, debug info, verbose error messages
  4. Missing Access Control: Operations without authorization checks

Medium Priority

  1. Timing Attacks: String comparison of secrets using == instead of hmac.compare_digest
  2. Dependency Issues: Known vulnerable packages, unpinned versions

Report Format

For each finding, report:

[SEVERITY: CRITICAL/HIGH/MEDIUM/LOW] Title
  File: file_path:line_number
  Issue: What the vulnerability is
  Impact: What an attacker could do
  Fix: How to remediate

End with a severity summary and prioritized fix list.
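As an added example, not code from the skill or the awesome-claude-code repository, here is a small Python checker that covers three items from the checklist above (Critical 1 hardcoded secrets, High 1 unsafe deserialization, Medium 1 timing attacks) and emits findings in the report format, finishing with the severity summary and fix order. The secret-name fragments, the set of YAML loaders treated as safe, and the sample source it scans are all assumptions constructed for this example; a reviewer using the skill would still read the code rather than rely on a heuristic like this.

```python
"""Added example (not part of the skill): AST checker for three checklist items; the name fragments and safe loaders below are constructed heuristics."""
import ast
from dataclasses import dataclass

SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key", "apikey")
SAFE_YAML_LOADERS = {"yaml.SafeLoader", "SafeLoader", "yaml.CSafeLoader", "CSafeLoader"}
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW")

@dataclass
class Finding:
    severity: str
    title: str
    line: int
    issue: str
    impact: str
    fix: str
    def render(self, path):
        # One finding in the checklist's report format.
        return (f"[SEVERITY: {self.severity}] {self.title}\n  File: {path}:{self.line}\n"
                f"  Issue: {self.issue}\n  Impact: {self.impact}\n  Fix: {self.fix}")

def _dotted(node):
    # 'yaml.SafeLoader' for a Name/Attribute chain; None for anything else (including None).
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def _looks_secret(name):
    return any(frag in name.lower() for frag in SECRET_NAMES)

def _mentions_secret(expr):
    return any(_looks_secret(getattr(sub, "id", "") or getattr(sub, "attr", ""))
               for sub in ast.walk(expr))

def scan_source(source):
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            # Critical 1: non-empty string literal assigned to a secret-looking name.
            v = node.value
            if isinstance(v, ast.Constant) and isinstance(v.value, str) and v.value:
                for t in node.targets:
                    if isinstance(t, ast.Name) and _looks_secret(t.id):
                        findings.append(Finding("CRITICAL", "Hardcoded secret", node.lineno,
                            f"string literal assigned to {t.id}",
                            "anyone with repository access obtains the credential",
                            "load it from the environment or a secret store and rotate it"))
        elif isinstance(node, ast.Call):
            fn = _dotted(node.func)
            if fn in ("pickle.loads", "pickle.load"):
                # High 1: pickle runs code embedded in the payload.
                findings.append(Finding("HIGH", "Unsafe deserialization", node.lineno,
                    f"{fn} on untrusted data", "arbitrary code execution from a crafted payload",
                    "use a data-only format such as JSON, or verify a signature before unpickling"))
            elif fn == "yaml.load":
                loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
                if loader is None and len(node.args) > 1:
                    loader = node.args[1]  # Loader passed positionally
                if _dotted(loader) not in SAFE_YAML_LOADERS:
                    findings.append(Finding("HIGH", "Unsafe deserialization", node.lineno,
                        "yaml.load without SafeLoader", "YAML tags can instantiate arbitrary objects",
                        "use yaml.safe_load or Loader=yaml.SafeLoader"))
        elif isinstance(node, ast.Compare):
            # Medium 1: == / != on a secret-looking value leaks timing information.
            if any(isinstance(op, (ast.Eq, ast.NotEq)) for op in node.ops) and _mentions_secret(node):
                findings.append(Finding("MEDIUM", "Timing attack", node.lineno,
                    "secret compared with ==", "comparison time depends on the matching prefix length",
                    "use hmac.compare_digest"))
    return findings

def summarize(findings):
    # Severity counts, in the order the findings should be fixed.
    return {sev: sum(f.severity == sev for f in findings) for sev in SEVERITY_ORDER}

def render_report(findings, path):
    ordered = sorted(findings, key=lambda f: (SEVERITY_ORDER.index(f.severity), f.line))
    summary = ", ".join(f"{s}: {n}" for s, n in summarize(findings).items())
    fixes = ", ".join(f"{path}:{f.line} {f.title}" for f in ordered)
    return "\n\n".join([f.render(path) for f in ordered] + [f"Summary: {summary}", f"Fix order: {fixes}"])

# Constructed sample target: one instance of each pattern plus two safe calls (lines 8 and 11).
SAMPLE = '''import hmac, pickle, yaml
API_KEY = "sk-constructed-example"
def load_session(blob):
    return pickle.loads(blob)
def load_config(text):
    return yaml.load(text)
def load_config_safe(text):
    return yaml.load(text, Loader=yaml.SafeLoader)
def check_token(supplied, expected_token):
    if supplied == expected_token: return True
    return hmac.compare_digest(supplied, expected_token)
'''

if __name__ == "__main__":
    print(render_report(scan_source(SAMPLE), "app.py"))
```

Running it prints four findings for the sample (CRITICAL at line 2, HIGH at lines 4 and 6, MEDIUM at line 10) followed by the summary and fix order, while the SafeLoader call and the hmac.compare_digest call are left alone. The Compare check deliberately keys on identifier names rather than values, so renaming a variable hides it; that is the usual limit of a syntactic heuristic and the reason the checklist asks for a review rather than a grep.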

Install via CLI
npx skills add https://github.com/pgagarinov/awesome-claude-code --skill s6-security-review