edercnj/x-review-security
src/main/resources/targets/claude/skills/conditional/review/x-review-security/SKILL.md
Reviews code changes for compliance with selected security frameworks. Verifies sensitive data handling, audit trails, and access control patterns.
development
Updated May 5, 2026
$ install --global
skillsauthnpx skillsauth add edercnj/ia-dev-environment x-review-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 5, 2026, 3:21 AM175.6s2 files scanned
SKILL.md
- name:
- x-review-security
- description:
- Reviews code changes for compliance with selected security frameworks. Verifies sensitive data handling, audit trails, and access control patterns.
- user-invocable:
- true
- allowed-tools:
- Read, Grep, Glob, Bash
- argument-hint:
- [PR number or file paths]
- requires-capabilities:
- []
- fragment-slot:
- { slot: review-specialist, fragment-id: security, fragment-order: 10 }
Global Output Policy
- Language: English ONLY.
- Tone: Technical, Direct, and Concise.
- Efficiency: Remove all conversational fillers and greetings to save tokens.
Skill: Security Compliance Review
Purpose
Review code changes against the compliance frameworks selected in the project configuration. Verify sensitive data handling, audit trails, access control patterns, and cryptography usage per active framework requirements.
Activation Condition
Include this skill when the project has compliance frameworks configured (PCI-DSS, LGPD, GDPR, HIPAA, SOX).
Triggers
/x-review-security 42-- review PR #42 for security compliance/x-review-security src/main/java/com/example/auth/-- review specific file paths/x-review-security-- review all current changes
Parameters
| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| target | String | No | (current changes) | PR number or file paths to review |
Knowledge Pack References
| Pack | Files | Purpose |
|------|-------|---------|
| security | skills/security/references/security-principles.md | Data classification, input validation, fail-secure patterns |
| security | skills/security/references/application-security.md | OWASP Top 10, security headers, secrets management |
| security | skills/security/references/cryptography.md | TLS, hashing, key management |
| compliance | skills/compliance/SKILL.md and skills/compliance/references/ | Active framework requirements |
Workflow
Step 1 — Identify Active Frameworks
Read skills/compliance/references/ to identify active frameworks (PCI-DSS, LGPD, GDPR, HIPAA, SOX).
Step 2 — Verify Framework-Specific Requirements
For each active framework, verify the change against framework-specific requirements.
Step 3 — Check Sensitive Data Handling
Check data classification, masking, and encryption per skills/security/references/cryptography.md.
Step 4 — Verify Audit Trail Requirements
Ensure audit trail requirements are met for the active frameworks.
Step 5 — Check Access Control Patterns
Verify access control patterns comply with framework requirements.
Step 6 — Produce Compliance Report
Generate the compliance review report with per-framework results.
Output Format
## Compliance Review — [Change Description]
### Active Frameworks: [list]
### Per-Framework Results
#### [Framework Name]
- [x] Requirement met / [ ] Gap identified
- Finding: [description + remediation]
### Overall Verdict: COMPLIANT / NON-COMPLIANT / NEEDS REVIEW
Error Handling
| Scenario | Action | |----------|--------| | No compliance frameworks configured | Report INFO: no frameworks active, skip review | | Compliance KP files missing | Warn and proceed with generic security review | | PR number invalid or inaccessible | Report error with PR number and suggest checking access |
Related Skills
edercnj/helidon-scaffold
testing
VerifiedTrustedCommunity
Scaffolds a Helidon SE/MP service with routing, health, config, Dockerfile, and tests.
SKILL.mdUpdated May 17, 2026
edercnj/picocli-command
tools
VerifiedTrustedCommunity
Generates a Picocli @Command with subcommands, options, converters, and unit tests.
SKILL.mdUpdated May 15, 2026
edercnj/micronaut-scaffold
testing
VerifiedTrustedCommunity
Scaffolds a Micronaut service with @Controller, DI, health, Dockerfile, and tests.
SKILL.mdUpdated May 12, 2026
edercnj/helidon-scaffold
testing
VerifiedTrustedCommunity
Scaffolds a Helidon SE/MP service with routing, health, config, Dockerfile, and tests.
SKILL.mdUpdated May 9, 2026