Security Review Openai
Perform language and framework specific security best-practice reviews and suggest improvements. Trigger only when the user explicitly requests security best practices guidance, a security review/report, or secure-by-default coding help. Trigger only for supported languages (python, javascript/typescript, go). Do not trigger for general code review, debugging, or non-security tasks.
To guide developers in identifying and mitigating security vulnerabilities specific to various web languages and frameworks.
Features
- Security best-practice reviews for Python, JavaScript/TypeScript, and Go
- Detailed guidance on preventing XSS, SQL injection, SSRF, and other common vulnerabilities
- Specific advice for popular frameworks like Express, Next.js, React, FastAPI, and Django
- Covers generation mode (writing secure code) and review mode (auditing existing code)
- Provides evidence-based findings with clear impact and fix recommendations
Use cases
- When developing new web applications in Python, JavaScript/TypeScript, or Go to ensure secure-by-default coding.
- When auditing existing web application codebases for security vulnerabilities.
- When seeking specific guidance on securing popular web frameworks like Express, Next.js, React, FastAPI, or Django.
- When responding to security alerts or proactively improving the security posture of a web project.
Non-goals
- Performing general code reviews unrelated to security.
- Debugging application logic that is not security-related.
- Providing security guidance for languages or frameworks not explicitly listed (Python, JS/TS, Go).
- Automating the fixing of vulnerabilities without user interaction or explicit requests.
Maintenance
- Warning (commit recency): The last commit was over 3 months ago (March 3, 2026), suggesting potential maintenance gaps.
Installation
Add the Marketplace first:
/plugin marketplace add lawvable/awesome-legal-skills
/plugin install security-review-openai@lawvable
Similar extensions
Cleanup Cycles
Detect and untangle circular dependencies. Runs madge/skott (TS), pycycle (Py), or compiler-only checks (Go/Rust). Auto-fixes leaf-extractable cycles; reports core cycles for human review. Use when the user asks to find circular imports, fix dependency cycles, or untangle module graph. Example queries: "find circular imports", "fix dependency cycles", "untangle our module graph", "why is madge complaining".
Coding Standards
Baseline cross-project coding conventions for naming, readability, immutability, and code-quality review. Use detailed frontend or backend skills for framework-specific patterns.
Codex PR Review
Reviews pull requests in Drupal 11 (or other) projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the detected IDE folder (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable solutions. Use when the user asks for "Codex review", "PR review" or "review PR".
Codex Diff Develop
Reviews the current branch's diff against develop in Drupal 11 projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the detected IDE folder (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable solutions. Use when the user asks for "Diff develop review", "diff develop review", "diff develop", "review diff", "codex diff" or similar expressions intended to audit changes against develop. Triggers: diff develop, codex diff, diff review, lint diff develop, audit diff.
Deepinit
Deep codebase initialization with hierarchical AGENTS.md documentation
Netlify Identity
For authentication, user registration, login, password recovery, OAuth providers, role-based access control, or protecting routes and functions. Always use `@netlify/identity`. Never use `netlify-identity-widget` or `gotrue-js`; they are deprecated.