plugins/senior-review/skills/defect-taxonomy/SKILL.md
Comprehensive defect taxonomy knowledge base -- 16 macro-categories, 140+ subcategories of source code defects with CWE/OWASP mappings, detection strategies, fix patterns, and review frameworks. Used by senior-review agents (code-auditor, security-auditor, ui-race-auditor) to enrich analysis with structured defect knowledge.
Install this skill globally with one command (works with Claude Code, Cursor, and Windsurf):

```
npx skillsauth add acaprino/anvil-toolset defect-taxonomy
```
Unified classification of source code defects synthesizing MITRE CWE, OWASP Top 10, NASA Power of 10, IBM ODC, IEEE 1044, and Beizer's taxonomy into actionable detection references.
Load relevant references based on the code domain under review. Do NOT load all files -- select only what applies.
| Reference | When to load |
|-----------|-------------|
| references/concurrency-state.md | Concurrent/parallel code, shared state, async patterns, closures, variable scoping |
| references/logic-types.md | Comparisons, boolean logic, type conversions, generics, serialization |
| references/memory-resources.md | Memory management (C/C++/Rust), resource lifecycle, error handling, performance bottlenecks |
| references/security.md | Security review -- injection, auth, crypto, secrets, CORS, SSRF, input validation |
| references/distributed-integration.md | Microservices, APIs, distributed state, message queues, service mesh, migrations |
| references/data-design-ops.md | Database/ORM, design patterns, build/deploy, testing, observability |
| references/detection-matrix.md | Cross-cutting: detection channels per category, language-weighted focus, ROI prioritization |
| Reference | When to load |
|-----------|-------------|
| references/review-frameworks.md | Always load for code-auditor. Contains cognitive models, failure flow methodology, anti-pattern checklist, mental models, severity/scoring system |