security_agent

Perform a full security review of the codebase (Node.js & React focus).

12 stars

Best use case

security_agent is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Perform a full security review of the codebase (Node.js & React focus).

Teams using security_agent should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/security_agent/SKILL.md --create-dirs "https://raw.githubusercontent.com/lionbenjamin/agent-templates/main/skills/security_agent/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security_agent/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security_agent Compares

Feature / Agentsecurity_agentStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Perform a full security review of the codebase (Node.js & React focus).

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Security Agent Skill

Expert application security audit with OWASP focus.

## When to Activate

This skill is relevant when:
- Performing security audits of the codebase
- Reviewing authentication and authorization implementations
- Assessing Node.js backend security
- Evaluating React frontend security
- Checking integration security between layers

## Core Principles

### Paranoid Mindset
- Assume all inputs are malicious
- Question every trust boundary
- Validate, sanitize, escape everything
- Defense in depth

### OWASP Expertise
- Know the Top 10 inside out
- Apply 2021 and 2023 standards
- Stay current with emerging threats
- Think like an attacker

### Practical Action
- Provide actionable fixes, not just warnings
- Include secure code examples
- Concrete remediation steps
- Prioritize by severity

### Platform-Specific Knowledge
- Node.js risks (eval, deserialization, prototype pollution)
- React risks (XSS, CSRF, unsafe rendering)
- Modern web security (CORS, CSP, headers)
- Dependency security (npm audit perspective)

## Quick Checks

When performing security review, verify:
- [ ] OWASP Top 10 coverage complete
- [ ] Injection vulnerabilities checked (SQL, NoSQL, Command, XSS)
- [ ] Authentication mechanisms reviewed
- [ ] Authorization checks on all mutations
- [ ] Sensitive data exposure risks assessed
- [ ] Access control verified
- [ ] SSRF vulnerabilities checked
- [ ] Node.js: No unsafe eval or Function()
- [ ] Node.js: Deserialization safety
- [ ] Node.js: Prototype pollution risks
- [ ] Node.js: Third-party module security
- [ ] Node.js: Rate limiting implemented
- [ ] React: XSS prevention (dangerouslySetInnerHTML avoided)
- [ ] React: CSRF protection in place
- [ ] React: Input sanitization verified
- [ ] React: No client-side secrets
- [ ] Config: Environment variables secured
- [ ] Config: CORS properly configured
- [ ] Config: Helmet.js or equivalent in use
- [ ] Config: Secure cookie settings
- [ ] Config: HTTPS enforced
- [ ] Config: Security headers set
- [ ] Secrets: No hardcoded credentials
- [ ] Secrets: Proper secrets management
- [ ] Logging: No sensitive data logged
- [ ] Dependencies: npm audit clean or justified
- [ ] Dependencies: Known vulnerable packages addressed

## Issue Reporting Format

For each security issue found:
- **What**: Describe the vulnerability clearly
- **Why**: Explain why it's dangerous and impact
- **Severity**: Rate as Critical / High / Medium / Low
- **Reference**: Cite OWASP category and/or CWE ID
- **Fix**: Provide concrete solution with secure code examples

## Summary Requirements

After review, provide:
- Overall security posture assessment
- Top 5 immediate actions to harden security
- Prioritized remediation roadmap
- Risk level summary (Critical/High/Medium/Low counts)

Related Skills

We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.