edercnj/x-review-gateway
src/main/resources/targets/claude/skills/conditional/review/x-review-gateway/SKILL.md
Reviews API gateway configuration for routing rules, authentication, rate limiting, CORS, security headers, TLS, and observability integration.
development
Updated May 5, 2026
$ install --global
skillsauthnpx skillsauth add edercnj/claude-environment x-review-gatewayInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 5, 2026, 3:20 AM137.4s2 files scanned
SKILL.md
- name:
- x-review-gateway
- description:
- Reviews API gateway configuration for routing rules, authentication, rate limiting, CORS, security headers, TLS, and observability integration.
- user-invocable:
- true
- allowed-tools:
- Read, Grep, Glob, Bash
- argument-hint:
- [gateway config files or PR]
- requires-capabilities:
- []
Global Output Policy
- Language: English ONLY.
- Tone: Technical, Direct, and Concise.
- Efficiency: Remove all conversational fillers and greetings to save tokens.
Skill: API Gateway Review
Purpose
Review API gateway configuration against best practices for routing rules, authentication, rate limiting, CORS, security headers, TLS configuration, and observability integration.
Activation Condition
Include this skill when the project uses an API gateway (Kong, Istio, AWS APIGW, Traefik, etc.).
Triggers
/x-review-gateway-- review all gateway configuration files/x-review-gateway gateway.yaml-- review a specific config file/x-review-gateway 42-- review gateway changes in PR #42
Parameters
| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| target | String | No | (all) | Gateway config file paths or PR number |
Workflow
Step 1 — Identify Gateway Configuration
Scan for gateway configuration files in the change set or project.
Step 2 — Verify Routing Rules
Check route definitions for correctness, path conflicts, and upstream targets.
Step 3 — Validate Authentication
Verify authentication middleware is applied to protected routes.
Step 4 — Check Rate Limiting
Validate rate limiting configuration per route or globally.
Step 5 — Validate CORS and Security Headers
Check CORS policy and security headers (HSTS, CSP, X-Frame-Options, etc.).
Step 6 — Validate TLS Configuration
Verify TLS settings: minimum version, cipher suites, certificate management.
Step 7 — Check Observability Integration
Validate access logs, tracing propagation, and metrics collection.
Step 8 — Generate Report
Produce gateway review report with findings and verdict.
Output Format
## Gateway Review — [Change Description]
### Gateway Type: [Kong/Istio/AWS APIGW/Traefik]
### Findings
1. [Finding with file, line, remediation]
### Verdict: APPROVE / REQUEST CHANGES
Error Handling
| Scenario | Action | |----------|--------| | No gateway config files found | Report INFO: no gateway configuration discovered | | Unknown gateway type | Warn and apply generic best practices review | | Missing authentication on public routes | REQUEST CHANGES with remediation guidance |
Related Skills
edercnj/x-generate-docs
tools
VerifiedTrustedCommunity
Documentation automation v2: stack-aware generation from documentation.targets.
SKILL.mdUpdated May 17, 2026
edercnj/x-generate-ci
development
VerifiedTrustedCommunity
Generates or updates CI/CD pipelines per project stack with actionlint validation.
SKILL.mdUpdated May 17, 2026
edercnj/x-generate-adr
tools
VerifiedTrustedCommunity
Generates ADRs from architecture-plan mini-ADRs with sequential numbering and index update.
SKILL.mdUpdated May 17, 2026
edercnj/x-format-code
development
VerifiedTrustedCommunity
Formats source code; first step of the pre-commit chain (format -> lint -> compile).
SKILL.mdUpdated May 17, 2026