Security Audit Codebase
技能 已验证 活跃Perform a security audit of a codebase checking for exposed secrets, vulnerable dependencies, injection vulnerabilities, insecure configurations, and OWASP Top 10 issues. Use before publishing or deploying a project, for periodic security reviews, after adding authentication or API integration, before open-sourcing a private repository, or when preparing for a security compliance audit.
To help developers and teams identify and fix security vulnerabilities in their codebase before deployment or open-sourcing, ensuring a more secure and compliant project.
功能
- Scan for exposed secrets (API keys, connection strings, private keys)
- Check .gitignore coverage for sensitive files
- Audit project dependencies for known vulnerabilities
- Detect SQL, command, and XSS injection vulnerabilities
- Review authentication and authorization configurations
- Check for insecure configurations (debug mode, permissive CORS, HTTP)
- Generate a structured security audit report
使用场景
- Before publishing or deploying a project
- For periodic security reviews of existing projects
- After adding authentication, API integration, or user input handling
- Before open-sourcing a private repository
非目标
- Performing dynamic analysis or penetration testing
- Fixing vulnerabilities automatically (provides guidance for manual remediation)
- Auditing compiled binaries or non-source code artifacts
安装
/plugin install agent-almanac@pjt222-agent-almanac质量评分
已验证类似扩展
Security Audit
99Deep security audit covering OWASP Top 10, authentication, authorization, data protection, dependency vulnerabilities, and secrets scanning. Delegates to the Centinela (QA) agent.
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Codex PR Review
100Revisa pull requests en proyectos Drupal 11 (u otro) siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "revisión Codex", "revisión de PR", "revisar PR", "revisar PR"
Codex Diff Develop
100Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Security Auditor
98Security vulnerability expert covering OWASP Top 10 and common security issues. Use when conducting security audits or reviewing code for vulnerabilities.
TradeMemory Protocol
100Evolution Engine 的领域知识 — 支持 LLM 从原始 OHLCV 数据中自主发现策略。涵盖生成-回测-选择-进化循环、向量化回测、样本外验证和策略梯度。在发现交易模式、运行回测、进化策略或审查进化日志时使用。由“evolve”、“discover patterns”、“backtest”、“evolution”、“strategy generation”、“candidate strategy”触发。