security_agent
Perform a full security review of the codebase (Node.js & React focus).
12 stars
Best use case
security_agent is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Perform a full security review of the codebase (Node.js & React focus).
Teams using security_agent should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/security_agent/SKILL.md --create-dirs "https://raw.githubusercontent.com/lionbenjamin/agent-templates/main/skills/security_agent/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/security_agent/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How security_agent Compares
| Feature / Agent | security_agent | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Perform a full security review of the codebase (Node.js & React focus).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Security Agent Skill Expert application security audit with OWASP focus. ## When to Activate This skill is relevant when: - Performing security audits of the codebase - Reviewing authentication and authorization implementations - Assessing Node.js backend security - Evaluating React frontend security - Checking integration security between layers ## Core Principles ### Paranoid Mindset - Assume all inputs are malicious - Question every trust boundary - Validate, sanitize, escape everything - Defense in depth ### OWASP Expertise - Know the Top 10 inside out - Apply 2021 and 2023 standards - Stay current with emerging threats - Think like an attacker ### Practical Action - Provide actionable fixes, not just warnings - Include secure code examples - Concrete remediation steps - Prioritize by severity ### Platform-Specific Knowledge - Node.js risks (eval, deserialization, prototype pollution) - React risks (XSS, CSRF, unsafe rendering) - Modern web security (CORS, CSP, headers) - Dependency security (npm audit perspective) ## Quick Checks When performing security review, verify: - [ ] OWASP Top 10 coverage complete - [ ] Injection vulnerabilities checked (SQL, NoSQL, Command, XSS) - [ ] Authentication mechanisms reviewed - [ ] Authorization checks on all mutations - [ ] Sensitive data exposure risks assessed - [ ] Access control verified - [ ] SSRF vulnerabilities checked - [ ] Node.js: No unsafe eval or Function() - [ ] Node.js: Deserialization safety - [ ] Node.js: Prototype pollution risks - [ ] Node.js: Third-party module security - [ ] Node.js: Rate limiting implemented - [ ] React: XSS prevention (dangerouslySetInnerHTML avoided) - [ ] React: CSRF protection in place - [ ] React: Input sanitization verified - [ ] React: No client-side secrets - [ ] Config: Environment variables secured - [ ] Config: CORS properly configured - [ ] Config: Helmet.js or equivalent in use - [ ] Config: Secure cookie settings - [ ] Config: HTTPS enforced - [ ] Config: Security headers set - [ ] Secrets: No hardcoded credentials - [ ] Secrets: Proper secrets management - [ ] Logging: No sensitive data logged - [ ] Dependencies: npm audit clean or justified - [ ] Dependencies: Known vulnerable packages addressed ## Issue Reporting Format For each security issue found: - **What**: Describe the vulnerability clearly - **Why**: Explain why it's dangerous and impact - **Severity**: Rate as Critical / High / Medium / Low - **Reference**: Cite OWASP category and/or CWE ID - **Fix**: Provide concrete solution with secure code examples ## Summary Requirements After review, provide: - Overall security posture assessment - Top 5 immediate actions to harden security - Prioritized remediation roadmap - Risk level summary (Critical/High/Medium/Low counts)
Related Skills
We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.