a5c-ai/security-review
library/methodologies/rpikit/skills/security-review/SKILL.md
Security vulnerability assessment identifying OWASP risks, injection vectors, authentication issues, and data exposure with severity classification.
$ install --global
skillsauthnpx skillsauth add a5c-ai/babysitter security-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 1, 2026, 12:13 PM95.3s2 files scanned
SKILL.md
- name:
- security-review
- description:
- Security vulnerability assessment identifying OWASP risks, injection vectors, authentication issues, and data exposure with severity classification.
- allowed-tools:
- Read, Bash, Grep, Glob, Agent, AskUserQuestion
Security Review
Overview
Identify security vulnerabilities in code changes. Covers OWASP categories, injection vectors, authentication/authorization issues, data exposure, and dependency risks.
When to Use
- After code review passes (or in parallel)
- Before any code merge involving user-facing changes
- As part of the /review-security command
- Mandatory for high-stakes implementations
Process
- Identify modified files with security relevance
- Scan for common vulnerability patterns
- Assess authentication and authorization changes
- Check for data exposure risks
- Evaluate dependency security
- Classify severity and provide recommendations
Severity Levels
- Critical: Immediate exploitation risk
- High: Significant vulnerability requiring fix before merge
- Medium: Vulnerability that should be addressed soon
- Low: Minor security improvement opportunity
Key Rules
- Security review failure halts implementation
- All findings must include file paths and line numbers
- Provide actionable remediation steps
- Reference OWASP categories where applicable
Tool Use
Invoke via babysitter process: methodologies/rpikit/rpikit-review
Related Skills
a5c-ai/model-card-generator
development
VerifiedTrustedCommunity
Model documentation skill for generating model cards following Google's model card framework.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/mlflow-experiment-tracker
development
VerifiedTrustedCommunity
MLflow integration skill for experiment tracking, model registry, and artifact management. Enables LLMs to log experiments, compare runs, manage model lifecycle, and retrieve artifacts through the MLflow API.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/lime-explainer
data-ai
VerifiedTrustedCommunity
LIME-based local explanation skill for individual predictions across tabular, text, and image data.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/kubeflow-pipeline-executor
devops
VerifiedTrustedCommunity
Kubeflow Pipelines skill for ML workflow orchestration, component management, and Kubernetes-native ML.
680SKILL.mdUpdated Apr 28, 2026