elixir-security-review
Reviews Elixir code for security vulnerabilities including code injection, atom exhaustion, and secret handling. Use when reviewing code handling user input, external data, or sensitive configuration.
Best use case
elixir-security-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using elixir-security-review should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it at `.claude/skills/elixir-security-review/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
SKILL.md Source
# Elixir Security Review

## Quick Reference

| Issue Type | Reference |
|------------|-----------|
| Code.eval_string, binary_to_term | [references/code-injection.md](references/code-injection.md) |
| String.to_atom dangers | [references/atom-exhaustion.md](references/atom-exhaustion.md) |
| Config, environment variables | [references/secrets.md](references/secrets.md) |
| ETS visibility, process dictionary | [references/process-exposure.md](references/process-exposure.md) |

## Review Checklist

### Critical (Block Merge)

- [ ] No `Code.eval_string/1` on user input
- [ ] No `:erlang.binary_to_term/1` without `:safe` on untrusted data
- [ ] No `String.to_atom/1` on external input
- [ ] No hardcoded secrets in source code

### Major

- [ ] ETS tables use appropriate access controls
- [ ] No sensitive data in process dictionary
- [ ] No dynamic module creation from user input
- [ ] Path traversal prevented in file operations

### Configuration

- [ ] Secrets loaded from environment
- [ ] No secrets in config/*.exs committed to git
- [ ] Runtime config used for deployment secrets

## Valid Patterns (Do NOT Flag)

- **String.to_atom on compile-time constants** - Atoms created at compile time are safe
- **Code.eval_string in dev/test** - May be needed for tooling
- **ETS :public tables** - Valid when intentionally shared
- **binary_to_term with :safe** - Explicitly safe option used

## Context-Sensitive Rules

| Issue | Flag ONLY IF |
|-------|--------------|
| String.to_atom | Input comes from external source (user, API, file) |
| binary_to_term | Data comes from untrusted source |
| ETS :public | Contains sensitive data |

## Before Submitting Findings

Use the issue format: `[FILE:LINE] ISSUE_TITLE` for each finding.

Load and follow [review-verification-protocol](../review-verification-protocol/SKILL.md) before reporting any issue.
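An added example (not code from the skill or its reference files) showing the unsafe pattern beside the hardened one for two checklist items: `String.to_atom` on a request parameter and `binary_to_term` on untrusted bytes. The module name, function names and the status values are assumptions chosen for illustration.

```elixir
defmodule UntrustedInput do
  # Added example, not part of the skill: module, function names and the
  # status values are assumptions used for illustration.

  # Allow-list built at compile time: the three atoms exist before any
  # request arrives, so no user string ever creates a new atom.
  @statuses %{"active" => :active, "inactive" => :inactive, "archived" => :archived}

  # VULNERABLE: every distinct string creates a new atom. Atoms are never
  # garbage collected, so a caller who controls this parameter can fill
  # the atom table (default limit 1,048,576) and crash the VM.
  def status_from_param_unsafe(param) when is_binary(param), do: String.to_atom(param)

  # HARDENED: look the string up in the allow-list and return a value on
  # failure instead of raising. (String.to_existing_atom/1 would also avoid
  # new atoms but still raises ArgumentError on unknown input.)
  def status_from_param(param) when is_binary(param), do: Map.fetch(@statuses, param)

  # VULNERABLE: decoding attacker-controlled bytes can create atoms, refs
  # and function references on the fly.
  def decode_unsafe(bin) when is_binary(bin), do: :erlang.binary_to_term(bin)

  # HARDENED: :safe makes binary_to_term raise on new atoms and unsafe
  # references; the walk below additionally rejects any function value in
  # the decoded term, since a fun must never arrive from untrusted data.
  def decode(bin) when is_binary(bin) do
    term = :erlang.binary_to_term(bin, [:safe])
    if contains_fun?(term), do: :error, else: {:ok, term}
  rescue
    ArgumentError -> :error
  end

  # Manual list recursion so an improper list tail falls through to the
  # scalar clause instead of crashing an Enum call.
  defp contains_fun?(f) when is_function(f), do: true
  defp contains_fun?([h | t]), do: contains_fun?(h) or contains_fun?(t)
  defp contains_fun?(t) when is_tuple(t), do: t |> Tuple.to_list() |> contains_fun?()
  defp contains_fun?(m) when is_map(m), do: m |> Map.to_list() |> contains_fun?()
  defp contains_fun?(_), do: false
end

# Constructed inputs: each match raises MatchError if the behaviour differs.
{:ok, :active} = UntrustedInput.status_from_param("active")
:error = UntrustedInput.status_from_param("not_a_status")
{:ok, %{"n" => 1}} = UntrustedInput.decode(:erlang.term_to_binary(%{"n" => 1}))
# A serialized fun is rejected either by :safe (rescued) or by the walk.
:error = UntrustedInput.decode(:erlang.term_to_binary(fn -> :ok end))
```

Run it with `elixir untrusted_input.exs`; a reviewer applying the Context-Sensitive Rules above would flag the `_unsafe` functions only where the argument originates from a user, API or file.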