Security Review Openai
Skill (active)
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.
To guide developers in identifying and mitigating security vulnerabilities specific to various web languages and frameworks.
Features
- Security best-practice reviews for Python, JavaScript/TypeScript, and Go
- Detailed guidance on preventing XSS, SQL injection, SSRF, and other common vulnerabilities
- Specific advice for popular frameworks like Express, Next.js, React, FastAPI, and Django
- Covers generation mode (writing secure code) and review mode (auditing existing code)
- Provides evidence-based findings with clear impact and fix recommendations
Use Cases
- When developing new web applications in Python, JavaScript/TypeScript, or Go to ensure secure-by-default coding.
- When auditing existing web application codebases for security vulnerabilities.
- When seeking specific guidance on securing popular web frameworks like Express, Next.js, React, FastAPI, or Django.
- When responding to security alerts or proactively improving the security posture of a web project.
Non-Goals
- Performing general code reviews unrelated to security.
- Debugging application logic that is not security-related.
- Providing security guidance for languages or frameworks other than those explicitly listed (Python, JS/TS, Go).
- Automating the fixing of vulnerabilities without user interaction or explicit requests.
Maintenance
- Warning (commit recency): the last commit was over 3 months ago (March 3, 2026), suggesting potential maintenance gaps.
Installation
First, add the marketplace:
/plugin marketplace add lawvable/awesome-legal-skills
Then install the plugin:
/plugin install security-review-openai@lawvable
Similar Extensions
Cleanup Cycles (score 100)
Detect and untangle circular dependencies. Runs madge/skott (TS), pycycle (Py), or compiler-only checks (Go/Rust). Auto-fixes leaf-extractable cycles; reports core cycles for human review. Use when the user asks to find circular imports, fix dependency cycles, or untangle module graph. Example queries — "find circular imports", "fix dependency cycles", "untangle our module graph", "why is madge complaining".
Coding Standards (score 100)
Baseline cross-project coding conventions for naming, readability, immutability, and code-quality review. Use detailed frontend or backend skills for framework-specific patterns.
Codex PR Review (score 100)
Reviews pull requests in Drupal 11 (or other) projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the detected IDE folder (.antigravity/, .cursor/, .vscode/ or docs/) with findings grouped by severity and actionable fixes. Use when the user asks for "revisión Codex", "revisión de PR", "revisar PR", "revisar PR
Codex Diff Develop (score 100)
Reviews the diff of the current branch against develop in Drupal 11 projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the detected IDE folder (.antigravity/, .cursor/, .vscode/ or docs/) with findings grouped by severity and actionable fixes. Use when the user asks for "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" or similar phrases intended to audit changes against develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Deepinit (score 100)
Deep codebase initialization with hierarchical AGENTS.md documentation
Netlify Identity (score 100)
Use when the task involves authentication, user signups, logins, password recovery, OAuth providers, role-based access control, or protecting routes and functions. Always use `@netlify/identity`. Never use `netlify-identity-widget` or `gotrue-js` — they are deprecated.