
code-security-review (listed)

AI-driven code security review skill. Provides a complete methodology for conducting security audits on source code, including: security audit prompts, false positive filtering rules (hard exclusions + AI-based filtering), severity/confidence scoring guidelines, and customizable scan/filter instructions. Supports all programming languages.
ez-lbz/claude-code-security-skills · ★ 18 · Code & Development · score 56
Install: claude install-skill ez-lbz/claude-code-security-skills
# Code Security Review Skill

> **MANDATORY EXECUTION CONTRACT**
>
> This skill defines a **strictly ordered, three-phase process**.
> You MUST complete **all three phases in sequence** before producing final output.
> **You are FORBIDDEN from reporting any findings until Phase 3 (Filter) is complete.**
> Skipping or abbreviating any phase is a critical failure.

---

## Skill Components

Before starting, you MUST read ALL of the following resource files:

| Resource | Path | Read Requirement |
|----------|------|-----------------|
| **Audit Prompt** | `resources/audit-prompt.md` | MUST read before Phase 1 |
| **Hard Exclusion Patterns** | `resources/hard-exclusion-patterns.md` | MUST read before Phase 2 |
| **False Positive Filtering Rules** | `resources/filtering-rules.md` | MUST read before Phase 2 |
| **Customization Guide** | `resources/customization-guide.md` | Read if project-specific rules are needed |

---

## Execution Process (MANDATORY — Do Not Skip Any Phase)

---

### PHASE 1: Security Audit

**Goal:** Produce a raw list of candidate findings. At this stage, do NOT filter — cast a wide net.

**You MUST:**

1. Read `resources/audit-prompt.md` fully before starting analysis.
2. Execute the three-phase analysis defined in that document:
   - **Phase 1a — Codebase Context Research**: Security frameworks, auth patterns, threat model.
   - **Phase 1b — Comparative Analysis**: Compare code against secure patterns, flag deviations.
   - **Phase 1c — Vulnerability Asse