- Home
- Skills
- Protagonistss
- Ithinku Plugins
- Security Review
security-review_skill
- TypeScript
0
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill protagonistss/ithinku-plugins --skill security-review- SKILL.md10.4 KB
Overview
This skill performs professional code security reviews to find vulnerabilities, assess risk, and recommend fixes. It maps findings to OWASP Top 10 and CVE/CVSS guidance, producing prioritized remediation suggestions and a structured security report. The skill focuses on web, API, and data protection controls and integrates with CI/CD pipelines for automated scans.
How this skill works
The skill inspects source code patterns, configuration files, and common runtime behaviors to detect injection points, XSS, auth/authorization flaws, and sensitive data exposures. It scores findings using CVSS 3.1 and a risk matrix, groups issues by severity, and generates actionable fixes, code examples, and a remediation roadmap. It can output a checklist, sample patches, and CI/CD integration snippets for continuous scanning.
When to use it
- Before a production release or major deployment
- During code reviews and pull request validation
- After dependency upgrades or new library adoption
- When responding to a security incident or audit request
- To validate compliance (GDPR, PCI DSS) requirements
Best practices
- Use parameterized queries and input validation to prevent injections
- Enforce strong password policies, session hardening, and MFA where applicable
- Encrypt sensitive data at rest and in transit; avoid hardcoded secrets
- Add Content Security Policy, secure headers, and output encoding to mitigate XSS
- Integrate SAST/DAST and dependency checks into CI/CD for continuous detection
- Prioritize fixes by CVSS severity and exploitability; remediate critical issues first
Example use cases
- Perform an OWASP Top 10 focused review for a Node.js/React web app and produce a prioritized report
- Scan API endpoints for auth and rate-limiting gaps before public launch
- Audit database access code to find SQL/NoSQL injection and hardcoded credentials
- Generate CI/CD security scan workflow examples and automated dependency checks
- Run simulated attack test cases (SQLi, XSS, path traversal) to validate defenses
FAQ
It produces a prioritized vulnerability report, CVSS scores, remediation steps, secure code samples, a checklist, and CI/CD scan examples.
Can this integrate with CI/CD pipelines?
Yes. The skill provides examples and configuration snippets to run SAST, dependency checks, and scheduled scans in CI/CD systems.