robotti-io/secure-fix-validation
skills/secure-fix-validation/SKILL.md
Standard validation checklist to prove a security fix works and doesn’t regress behavior.
$ install --global
skillsauthnpx skillsauth add robotti-io/copilot-security-instructions secure-fix-validationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 10:56 PM4.5s1 file scanned
SKILL.md
- name:
- secure-fix-validation
- description:
- Standard validation checklist to prove a security fix works and doesn’t regress behavior.
Secure Fix Validation
When to use
Use this skill after implementing a security fix, or when reviewing a PR.
Inputs to collect (if available)
- Vulnerability description and expected secure behavior
- Repro steps (request, payload, or test)
- Affected components and entry points
- Deployment/rollout constraints (feature flags, backwards compatibility)
Step-by-step process
- Reproduce the issue pre-fix
- Minimal failing test or request example
- Verify the fix
- Confirm the repro now fails safely
- Regression coverage
- Add unit/integration tests for:
- expected valid inputs
- malicious/edge inputs
- authorization bypass attempts (if relevant)
- Add unit/integration tests for:
- Non-functional checks
- Error handling (no stack traces/secret leakage)
- Logging redaction (no PII/secrets)
- Performance impact in hot paths
- Rollout safety
- Feature flags where appropriate
- Backwards compatibility notes
- Monitoring/alerts to detect new failure modes
Output
- Commands run
- Tests added/updated
- Verification evidence (logs/screenshots/snippets)
- Rollout notes
Output format
- Repro (pre-fix): how it failed
- Verification (post-fix): what now happens
- Tests: added/updated + what they cover
- Evidence: logs/screenshots/snippets (redacted)
- Rollout notes: monitoring, flags, compatibility
Examples
- “Fix: block IDOR on /users/:id” → add negative test for cross-user access; verify 403 and tenant scoping on DB query.
Related Skills
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/access-control-review
testing
VerifiedTrustedCommunity
Analyze repository-grounded identity, access control, and authorization design with evidence-first reporting and script-validated Mermaid diagrams.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/dependency-cve-triage
content-media
VerifiedTrustedCommunity
Triage a dependency CVE using local repo evidence and remediation guidance.
39SKILL.mdUpdated Apr 19, 2026