00PrabalK00/security-review-playbook
skills/security-review-playbook/SKILL.md
Review systems for authentication and authorization gaps, secret handling problems, unsafe queries, insecure defaults, data exposure, dependency risk, and abuse paths. Use for code reviews, threat-focused audits, or pre-release security checks.
development
Updated Mar 23, 2026
$ install --global
skillsauthnpx skillsauth add 00PrabalK00/claude-skills security-review-playbookInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
4 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
4
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 24, 2026, 1:27 AM121.1s2 files scanned
SKILL.md
- name:
- security-review-playbook
- description:
- Review systems for authentication and authorization gaps, secret handling problems, unsafe queries, insecure defaults, data exposure, dependency risk, and abuse paths. Use for code reviews, threat-focused audits, or pre-release security checks.
Security Review Playbook
Overview
Review systems with an attacker and defender mindset at the same time.
Core Workflow
- Map trust boundaries, data flows, privileged actions, and externally reachable surfaces.
- Check authentication, authorization, session handling, and access-control assumptions.
- Inspect input handling, query construction, file access, redirects, deserialization, and unsafe execution paths.
- Check secrets, logging, configuration defaults, dependency posture, and data exposure risks.
- Report concrete findings by severity with exploit path, impact, and remediation guidance.
Deliver
- Focus on real vulnerabilities and meaningful hardening gaps.
- Note missing evidence separately from confirmed findings.
- Include operational or product follow-ups when fixes require them.
Guardrails
- Prefer primary evidence from code and config over hypothetical fear lists.
- Avoid exploit-detail overproduction when a safer summary is enough.
- Escalate broken access control, secret leakage, and unsafe defaults quickly.
Related Skills
00PrabalK00/vendor-evaluation-scorecard
tools
VerifiedTrustedCommunity
Compare vendors or tools using weighted criteria, tradeoffs, risks, and recommendation logic. Use when selecting platforms or partners.
SKILL.mdUpdated Mar 23, 2026
00PrabalK00/user-interview-synthesizer
data-ai
VerifiedTrustedCommunity
Extract needs, pain points, quotes, and behavioral patterns from user interviews. Use when synthesizing qualitative research.
SKILL.mdUpdated Mar 23, 2026
00PrabalK00/user-feedback-clusterer
databases
VerifiedTrustedCommunity
Group user feedback into themes, bugs, requests, sentiment, and confusion points. Use when analyzing feedback corpora.
SKILL.mdUpdated Mar 23, 2026
00PrabalK00/test-writer-coverage-closer
testing
VerifiedTrustedCommunity
Find missing coverage, design useful unit or integration tests, add fixtures or mocks, and explain remaining edge cases. Use when a feature lacks tests, a bug needs regression coverage, or coverage gaps block confidence.
SKILL.mdUpdated Mar 23, 2026