osop-review
Review .osop/.osoplog for security risks, permission gaps, and destructive commands
Best use case
osop-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using osop-review should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/osop-review/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How osop-review Compares
| Feature / Agent | osop-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Review .osop/.osoplog for security risks, permission gaps, and destructive commands
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# OSOP Workflow Reviewer

Review a workflow or execution log for risks and issues.

## Target file

$ARGUMENTS

## What to do

1. **Read the file** specified in the argument (`.osop` or `.osoplog.yaml`)
2. **Analyze for risks** — check each node for:
   - `security.risk_level: high|critical` without preceding `approval_gate`
   - `security.permissions` containing broad patterns (`write:*`, `admin:*`, `delete:*`)
   - `cli` nodes with destructive commands (`rm -rf`, `kubectl delete`, `terraform destroy`, `DROP TABLE`)
   - Hardcoded secrets (strings starting with `sk-`, `ghp_`, `xoxb-`, API keys)
   - Agent nodes without `cost.estimated` (unbounded cost exposure)
   - Missing `timeout_sec` on external call nodes (`api`, `cli`, `agent`, `infra`, `mcp`)
   - Missing error handling (no `fallback`/`error` edge) on medium+ risk nodes
3. **Compute risk score** (0-100):
   - Each node: `type_weight * risk_multiplier * mitigation_factor`
   - Type weights: cli=2, infra=2, db=1.5, agent=1.5, docker=1.5, cicd=1.5, api=1, others=0.5-1
   - Risk multiplier: low=1, medium=2, high=4, critical=8
   - Mitigations: approval_gate=-50%, retry_policy=-10%, fallback_edge=-20%
   - Finding penalty: low=+2, medium=+5, high=+10, critical=+20
4. **Present findings** in a clear table:
   ```
   Risk Score: XX/100 — VERDICT (safe/caution/warning/danger)

   | Severity | Finding | Node | Suggestion |
   |----------|---------|------|------------|
   | CRITICAL | ... | ... | ... |
   ```
5. **Summarize**:
   - Total permissions required
   - Secrets referenced
   - Estimated cost (if any)
   - Whether approval gates exist
   - Final verdict: is this safe to run?

## For .osoplog files

If reviewing an execution log, also check:

- Which tools were actually used and how many calls
- Whether any nodes failed and why
- AI reasoning decisions — were they sound?
- Sub-agent hierarchy — was the spawning appropriate?
- Total execution time and cost
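
The checks in step 2 and the scoring in step 3 can also be run deterministically; the sketch below is an added example, not part of SKILL.md or the OSOP project. It assumes nodes are already parsed into dicts with hypothetical `command` and `mitigations` keys, and it makes choices the skill leaves open: the severity given to each finding, mitigations combined multiplicatively, weight 1 for unlisted node types, and a total capped at 100.

```python
import re

# Weights, multipliers, discounts and penalties as listed in SKILL.md step 3.
TYPE_WEIGHT = {"cli": 2, "infra": 2, "db": 1.5, "agent": 1.5, "docker": 1.5, "cicd": 1.5, "api": 1}
RISK_MULT = {"low": 1, "medium": 2, "high": 4, "critical": 8}
MITIGATION = {"approval_gate": 0.5, "retry_policy": 0.9, "fallback_edge": 0.8}
PENALTY = {"low": 2, "medium": 5, "high": 10, "critical": 20}
EXTERNAL = {"api", "cli", "agent", "infra", "mcp"}
BROAD = {"write:*", "admin:*", "delete:*"}
DESTRUCTIVE = re.compile(r"rm\s+-rf|kubectl\s+delete|terraform\s+destroy|DROP\s+TABLE", re.I)
SECRET = re.compile(r"\b(sk-|ghp_|xoxb-)\S+")  # \b avoids matching inside "task-runner"

def findings(node):
    """Return (severity, message) pairs; the severities are this example's assumption."""
    sec, cmd, out = node.get("security", {}), node.get("command", ""), []
    if sec.get("risk_level") in ("high", "critical") and "approval_gate" not in node.get("mitigations", []):
        out.append(("high", "high-risk node without approval_gate"))
    if BROAD & set(sec.get("permissions", [])):
        out.append(("medium", "broad permission pattern"))
    if node["type"] == "cli" and DESTRUCTIVE.search(cmd):
        out.append(("critical", "destructive command"))
    if SECRET.search(cmd):
        out.append(("critical", "hardcoded secret"))
    if node["type"] == "agent" and "estimated" not in node.get("cost", {}):
        out.append(("medium", "agent without cost.estimated"))
    if node["type"] in EXTERNAL and "timeout_sec" not in node:
        out.append(("low", "missing timeout_sec"))
    return out

def node_score(node):
    """type_weight * risk_multiplier * mitigation_factor for one node."""
    score = TYPE_WEIGHT.get(node["type"], 1) * RISK_MULT[node.get("security", {}).get("risk_level", "low")]
    for m in node.get("mitigations", []):
        score *= MITIGATION.get(m, 1)
    return score

def review(nodes):
    """Return (risk score capped at 100, list of (node id, severity, message))."""
    found = [(n["id"], *f) for n in nodes for f in findings(n)]
    total = sum(node_score(n) for n in nodes) + sum(PENALTY[s] for _, s, _ in found)
    return min(100, total), found

# Constructed sample workflow (not taken from a real .osop file).
WORKFLOW = [
    {"id": "cleanup", "type": "cli", "command": "rm -rf /srv/build", "timeout_sec": 60,
     "security": {"risk_level": "high", "permissions": ["write:*"]}},
    {"id": "deploy", "type": "infra", "timeout_sec": 300, "mitigations": ["approval_gate"],
     "security": {"risk_level": "critical", "permissions": ["deploy:staging"]}},
    {"id": "summarize", "type": "agent", "security": {"risk_level": "low"}},
]
```

Running `review(WORKFLOW)` gives a fixed baseline to compare the agent's table against, which helps catch a model-generated review that silently skips a node or a finding.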