performing-security-code-review
This skill provides automated assistance for security agent tasks Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
Best use case
performing-security-code-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
This skill provides automated assistance for security agent tasks Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
Teams using performing-security-code-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/performing-security-code-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How performing-security-code-review Compares
| Feature / Agent | performing-security-code-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
This skill provides automated assistance for security agent tasks Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
Cursor vs Codex for AI Workflows
Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.
SKILL.md Source
# Security Agent This skill provides automated assistance for security agent tasks. ## Overview This skill empowers Claude to act as a security expert, identifying and explaining potential vulnerabilities within code. It leverages the security-agent plugin to provide detailed security analysis, helping developers improve the security posture of their applications. ## How It Works 1. **Receiving Request**: Claude identifies a user's request for a security review or audit of code. 2. **Activating Security Agent**: Claude invokes the security-agent plugin to analyze the provided code. 3. **Generating Security Report**: The security-agent produces a structured report detailing identified vulnerabilities, their severity, affected code locations, and recommended remediation steps. ## When to Use This Skill This skill activates when you need to: - Review code for security vulnerabilities. - Perform a security audit of a codebase. - Identify potential security risks in a software application. ## Examples ### Example 1: Identifying SQL Injection Vulnerability User request: "Please review this database query code for SQL injection vulnerabilities." The skill will: 1. Activate the security-agent plugin to analyze the database query code. 2. Generate a report identifying potential SQL injection vulnerabilities, including the vulnerable code snippet, its severity, and suggested remediation, such as using parameterized queries. ### Example 2: Checking for Insecure Dependencies User request: "Can you check this project's dependencies for known security vulnerabilities?" The skill will: 1. Utilize the security-agent plugin to scan the project's dependencies against known vulnerability databases. 2. Produce a report listing any vulnerable dependencies, their Common Vulnerabilities and Exposures (CVE) identifiers, and recommendations for updating to secure versions. ## Best Practices - **Specificity**: Provide the exact code or project you want reviewed. - **Context**: Clearly state the security concerns you have regarding the code. - **Iteration**: Use the findings to address vulnerabilities and request further reviews. ## Integration This skill integrates with Claude's code understanding capabilities and leverages the security-agent plugin to provide specialized security analysis. It can be used in conjunction with other code analysis tools to provide a comprehensive assessment of code quality and security. ## Prerequisites - Appropriate file access permissions - Required dependencies installed ## Instructions 1. Invoke this skill when the trigger conditions are met 2. Provide necessary context and parameters 3. Review the generated output 4. Apply modifications as needed ## Output The skill produces structured output relevant to the task. ## Error Handling - Invalid input: Prompts for correction - Missing dependencies: Lists required components - Permission errors: Suggests remediation steps ## Resources - Project documentation - Related skills and commands
Related Skills
weekly-review
Weekly project review report
tessl-skill-review
Evaluate, score, and review an Agent Skill or SKILL.md using Tessl as the primary evaluator. Use when asked to measure skill quality, score a skill, review a skill against best practices, compare before/after skill revisions, or generate structured improvement feedback for a skill directory or SKILL.md file.
skill-security-auditor
Scan and audit AI agent skills for security risks before installation. Produces a
security-compliance-compliance-check
You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide im...
security-audit
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
requesting-code-review
Use when completing tasks, implementing major features, or before merging to verify work meets requirements
receiving-code-review
Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable - requires technical rigor and verification, not performative agreement or blind implementation
pre-push-security-scan
【铁律】Git push 前必须执行的安全扫描。防止 API keys、tokens、passwords、私钥等敏感信息被推送到远程仓库。适用于所有 git push、gh pr create、代码同步等场景。
metrics-review
Review and analyze product metrics with trend analysis and actionable insights. Use when running a weekly, monthly, or quarterly metrics review, investigating a sudden spike or drop, comparing performance against targets, or turning raw numbers into a scorecard with recommended actions.
legal-review
Review legal documents (NDA, contracts, agreements) for sensitive clauses, risks, and red flags
contract-review
Analyze contracts for risks, check completeness, and provide actionable recommendations. Supports employment contracts, NDAs, service agreements, and more.
code-review-quality
Conduct context-driven code reviews focusing on quality, testability, and maintainability. Use when reviewing code, providing feedback, or establishing review practices.