opsmachine/2-security-critique
skills/2-security-critique/SKILL.md
Phase 2 of security audit pipeline. Red team review of Phase 1 findings — removes false positives, adds missed risks, ranks the backlog. Invoke with '/2-security-critique' after Phase 1 is complete.
testing
Updated Apr 23, 2026
$ install --global
skillsauthnpx skillsauth add opsmachine/om-agency 2-security-critiqueInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 10:58 AM158.4s1 file scanned
SKILL.md
- name:
- 2-security-critique
- description:
- Phase 2 of security audit pipeline. Red team review of Phase 1 findings — removes false positives, adds missed risks, ranks the backlog. Invoke with '/2-security-critique' after Phase 1 is complete.
- tags:
- [security, audit, security-phase-2]
- state_source:
- security_plan
- params:
- []
- - field:
- backlog
- value:
- Pending
- sets_to:
- Ranked
- side_effects:
- []
- next:
- [3-security-spec]
- human_gate:
- true
Phase 2: Red Team Critique
What this phase does
Challenge every finding from Phase 1. Tighten the plan before any code is written.
Instructions
-
Read
SECURITY_PLAN.md. Review everyPendingitem. -
Critique:
- Remove false positives (flag anything that isn't actually exploitable)
- Add missing risks (e.g. "You missed the rate limit check on this endpoint")
- Rank the remaining items by exploitability and impact
-
Output: Update
SECURITY_PLAN.mdwith a Ranked Backlog. Top item is what Phase 3 will target. -
Stop. Present the ranked backlog to the user.
The next step is Phase 3: /3-security-spec
Related Skills
opsmachine/write-failing-test
testing
VerifiedTrustedCommunity
Write failing tests for all planned acceptance criteria from the test plan. Use after /plan-tests, before implementation. Invoke with '/write-failing-test path/to/spec.md' or 'write failing test', 'red phase', 'start TDD'.
1SKILL.mdUpdated Jun 6, 2026
opsmachine/workflow-router
data-ai
VerifiedTrustedCommunity
Workflow manager that orchestrates the entire skill system. Runs automatically before any implementation work. Reads state from artifacts, determines the next skill, spawns sub-agents for execution, and manages human gates. Invoke with '/workflow-router' or it runs automatically per CLAUDE.md.
1SKILL.mdUpdated Jun 6, 2026
opsmachine/webapp-testing
tools
VerifiedTrustedCommunity
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.
1SKILL.mdUpdated Jun 6, 2026
opsmachine/supabase-security
development
VerifiedTrustedCommunity
Supabase security best practices and patterns. Use when working with Supabase projects, creating tables, writing RLS policies, edge functions, or reviewing Supabase code. Invoke with '/supabase-security' or when asked about Supabase security.
1SKILL.mdUpdated Jun 6, 2026