andriyze/review-skills
skills/review-skills/SKILL.md
Review ShakerScan skills, commands, and subagents for broken references, invalid Claude Code configuration, prompt anti-patterns, missing hard gates, missing outputs, and weak operational guidance. Use when asked to audit, review, or quality-check the skill system itself.
development
Updated May 26, 2026
$ install --global
skillsauthnpx skillsauth add andriyze/shakerscan review-skillsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 26, 2026, 3:47 AM181.6s2 files scanned
SKILL.md
- name:
- review-skills
- description:
- Review ShakerScan skills, commands, and subagents for broken references, invalid Claude Code configuration, prompt anti-patterns, missing hard gates, missing outputs, and weak operational guidance. Use when asked to audit, review, or quality-check the skill system itself.
Review Skills
Use this skill to review the entire ShakerScan skill and command surface like a code review, not as a lightweight summary.
Scope
Review all of these unless the user explicitly narrows scope:
skills/*.mdskills/**/SKILL.mdskills/**/references/*skills/**/agents/openai.yaml.claude/commands/*.md.claude/agents/*.md
Review Goals
Look for:
- broken or stale file references
- unsupported or risky Claude Code frontmatter
- contradictory instructions across skills, commands, and agents
- prompt wording that increases false positives or weakens evidence standards
- missing machine-usable outputs
- missing fallback behavior
- missing checklists or hard gates for long tasks
- poor model/tool selection for the intended workload
Mandatory Checklist
Maintain this checklist in markdown while you work. Do not move on to synthesis or a final answer until every item is [x] or [n/a] with a short reason.
- [ ] Enumerate all in-scope skill, command, and agent files
- [ ] Read every in-scope skill file
- [ ] Read every in-scope command file
- [ ] Read every in-scope agent file
- [ ] Verify references between files resolve correctly
- [ ] Verify frontmatter fields are supported and coherent
- [ ] Verify each skill has a clear workflow, outputs, fallbacks, and guardrails
- [ ] Verify long-task checklist and hard-gate behavior where needed
- [ ] Produce findings ordered by severity with file references
Output
Return:
- Findings first, ordered by severity, with file references.
- Open questions or assumptions.
- A short change summary or health summary.
If there are no issues, say so clearly and still note any residual risk or test gaps.
Rules
- Review behavior, not branding.
- Prefer concrete failures over stylistic nits.
- If a prompt is likely to create fabricated findings, call that out explicitly.
- Do not move on until the checklist is complete.
Related Skills
andriyze/js-analyze
development
VerifiedTrustedCommunity
Analyze JavaScript bundles, frontend routes, browser-captured APIs, libraries, and secrets for a ShakerScan target or completed scan. Use when asked for JS analysis, route analysis, frontend endpoint discovery, library review, source-map hints, or to build `custom_endpoints` for a ShakerScan scan.
SKILL.mdUpdated May 26, 2026
andriyze/content-discovery
development
VerifiedTrustedCommunity
Build target-specific content discovery seeds, path lists, and ShakerScan scan inputs from scan results, JS analysis, framework clues, and exposed docs. Use when asked for content discovery, wordlist generation, ffuf seeds, admin path discovery, hidden file discovery, route discovery, or custom endpoint seeding.
SKILL.mdUpdated May 26, 2026
andriyze/ai-security-session
development
VerifiedTrustedCommunity
Interactive Playwright session control for the ShakerScan `/session` API. Use when asked to start or drive an AI security testing session, perform manual browser actions, or run BOLA/IDOR testing via session endpoints.
SKILL.mdUpdated May 26, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026