sd0xdev/codex-security
skills/codex-security/SKILL.md
OWASP Top 10 security review using Codex MCP. Supports review loop with context preservation.
$ install --global
skillsauthnpx skillsauth add sd0xdev/sd0x-dev-flow codex-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 4:04 AM62.2s1 file scanned
SKILL.md
- name:
- codex-security
- description:
- OWASP Top 10 security review using Codex MCP. Supports review loop with context preservation.
- allowed-tools:
- mcp__codex__codex, mcp__codex__codex-reply, Bash(git:*), Read, Grep, Glob
Codex Security
Thin entry-point skill — routes to the parent skill for full workflow.
Parent Skill
This skill delegates to security-review for the full OWASP security review workflow, prompt templates, and audit logic.
See @skills/security-review/SKILL.md
Trigger
- Keywords: security review, OWASP, security audit, codex-security
When NOT to Use
- Code review (use
/codex-review-fast) - Dependency audit (use
/dep-audit) - Test review (use
/codex-test-review)
Related Skills
sd0xdev/zh-tw
documentation
VerifiedTrustedCommunity
Rewrite the previous reply in Traditional Chinese
147SKILL.mdUpdated Apr 28, 2026
sd0xdev/watch-ci
development
VerifiedTrustedCommunity
Monitor GitHub Actions CI runs until completion. Use when: watching CI after push, checking build status, monitoring PR checks, waiting for CI completion, user says 'watch CI', 'check CI', 'CI status', 'monitor build', or /watch-ci. Not for: pushing code (use push-ci), creating PRs (use create-pr). Output: per-run verdict (pass/fail/timeout).
147SKILL.mdUpdated Apr 28, 2026
sd0xdev/verify
development
VerifiedTrustedCommunity
Verification loop — lint -> typecheck -> unit -> integration -> e2e
147SKILL.mdUpdated Apr 28, 2026
sd0xdev/update-docs
development
VerifiedTrustedCommunity
Research current code state then update corresponding docs, ensuring docs stay in sync with code.
147SKILL.mdUpdated Apr 28, 2026