security-review

Skill from htooayelwinict/claude-config (listed on VibeIndex)
What it does

Performs comprehensive security audits of code against OWASP Top 10 guidelines, identifying vulnerabilities in authentication, authorization, and potential injection risks.

📦 Part of htooayelwinict/claude-config (16 items): security-review

Installation

Python: Run Python server
python -m pytest # Tests
📖 Extracted from docs: htooayelwinict/claude-config

1 install · Added Feb 4, 2026

Skill Details: SKILL.md

Overview

# Security Review

Exclusive to: security-expert agent

## MCP Helpers (Brain + Memory + Web)

### 🧠 Gemini-Bridge: Security Analysis

```
mcp_gemini-bridge_consult_gemini(query="Security audit this code for OWASP vulnerabilities: [code snippet]", directory=".")
```

### 🌉 Open-Bridge: Alternative Security Analysis

```
mcp_open-bridge_consult_gemini(query="Security audit this code for OWASP vulnerabilities: [code snippet]", directory=".")
```

### 💻 Codex-Bridge: Code Security Review

```
mcp_codex-bridge_consult_codex(query="Find security vulnerabilities in: [code]", directory=".")
```

### 📚 Context7 (Memory): Up-to-Date Docs

Look up security patterns and vulnerability mitigations:

```
mcp_context7_resolve-library-id(libraryName="laravel", query="csrf protection")
mcp_context7_query-docs(libraryId="/laravel/docs", query="authentication security")
```

### 🌐 Web Search: CVE and Vulnerability Lookup

```
mcp_web-search-prime_search(query="[package name] CVE vulnerability 2025")
```

## Validation Loop (MANDATORY)

Every security review MUST run these dependency checks:

```bash
composer audit                   # Check PHP vulnerabilities
npm audit                        # Check JS vulnerabilities
php artisan route:list --compact # Verify route middleware
```

Report any vulnerabilities found as Critical findings.

## Instructions

  1. Run `git diff` to identify changed files
  2. Scan for security vulnerabilities using the checklist below
  3. Check authentication and authorization patterns
  4. Review input validation and sanitization
  5. Report findings by severity (Critical → Warning → Suggestion)

## OWASP Top 10 Checklist

| # | Vulnerability | Laravel Check | React Check |
|---|---------------|---------------|-------------|
| A01 | Broken Access Control | Policies, Gates | Route guards |
| A02 | Cryptographic Failures | Hash::make, encrypt | No secrets in client |
| A03 | Injection | Eloquent, query builder | No dangerouslySetInnerHTML |
| A04 | Insecure Design | Business logic review | Component security |
| A05 | Security Misconfiguration | .env settings | Build config |
| A06 | Vulnerable Components | composer audit | npm audit |
| A07 | Auth Failures | Rate limiting, sessions | Token handling |
| A08 | Data Integrity | CSRF, mass assignment | Form validation |
| A09 | Logging Failures | Security event logs | Error boundaries |
| A10 | SSRF | URL validation | API call validation |

## Laravel Security Checks

```php
// Mass Assignment (properties on an Eloquent model)
protected $fillable = ['name', 'email'];  // ✅ Whitelist of assignable attributes
protected $guarded = ['id', 'is_admin'];  // ✅ Blacklist of attributes that must never be mass-assigned

// SQL Injection Prevention
User::where('email', $email)->first();                  // ✅ Safe: value is passed as a bound parameter
DB::raw("SELECT * FROM users WHERE email = '$email'");  // ❌ Dangerous: user input interpolated into SQL

// CSRF
@csrf // ✅ Blade directive inside every state-changing form
```

## React Security Checks

```tsx
// XSS Prevention
<div>{userInput}</div>                                   // ✅ Auto-escaped: rendered as text
<div dangerouslySetInnerHTML={{ __html: userInput }} />  // ❌ XSS risk: raw HTML written into the DOM

// No secrets in client
const API_KEY = process.env.NEXT_PUBLIC_API_KEY; // ⚠️ Visible to users: NEXT_PUBLIC_ values are inlined into the browser bundle
```
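The five review steps in the Instructions and the Laravel/React checks above can be exercised end to end with a small pattern scanner. The following Python script is an added example, not part of the claude-config skill and not Laravel or React code: it walks the added lines of a `git diff`, matches a constructed rule set for the anti-patterns this page names (`DB::raw` with an interpolated variable, `dangerouslySetInnerHTML`, secrets in `NEXT_PUBLIC_` variables, an empty `$guarded`), and reports findings grouped Critical → Warning → Suggestion. The sample diff, file paths and rule messages are constructed for illustration; a pattern pass like this is a first filter that complements `composer audit`, `npm audit` and a human read of the changed code.

```python
"""Pattern-based first pass for the security-review steps on this page.

Added example (not part of the claude-config skill): scans the added lines of
a unified git diff for anti-patterns the page's checklist names and reports
findings grouped by severity. Rules and the sample diff are constructed.
"""
import re
from collections import defaultdict

# (severity, regex applied to one added line, message). Constructed rule set;
# a real review extends this with the project's own patterns.
RULES = [
    ("Critical", re.compile(r"DB::raw\(.*\$\w+"),
     "A03 Injection: raw SQL with an interpolated variable; use query builder bindings"),
    ("Critical", re.compile(r"dangerouslySetInnerHTML"),
     "A03 XSS: raw HTML written into the DOM; render as text or sanitize first"),
    ("Warning", re.compile(r"process\.env\.NEXT_PUBLIC_\w*(KEY|SECRET|TOKEN)"),
     "A02 Cryptographic Failures: secret exposed through a public client env var"),
    ("Warning", re.compile(r"\$guarded\s*=\s*\[\s*\]"),
     "A08 Data Integrity: empty $guarded disables mass-assignment protection"),
]
SEVERITY_ORDER = {"Critical": 0, "Warning": 1, "Suggestion": 2}


def added_lines(diff):
    """Yield (path, new_file_line_no, text) for each '+' line of a unified diff."""
    path, line_no = None, 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            m = re.search(r"\+(\d+)", raw)   # start line in the new file
            line_no = int(m.group(1)) if m else 0
        elif raw.startswith("+"):
            yield path, line_no, raw[1:]
            line_no += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            continue                          # removed line or "\ No newline": no new-file line
        else:
            line_no += 1                      # context line advances the new-file counter


def review_diff(diff):
    """Apply every rule to every added line; return findings sorted by severity."""
    findings = []
    for path, line_no, text in added_lines(diff):
        for severity, pattern, message in RULES:
            if pattern.search(text):
                findings.append({"severity": severity, "file": path, "line": line_no,
                                 "message": message, "code": text.strip()})
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["file"] or "", f["line"]))
    return findings


def format_report(findings):
    """Render findings under Critical / Warning / Suggestion headings."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["severity"]].append(f)
    lines = []
    for severity in SEVERITY_ORDER:
        lines.append(f"## {severity} ({len(grouped[severity])})")
        for f in grouped[severity]:
            lines.append(f"- {f['file']}:{f['line']}: {f['message']}")
            lines.append(f"    {f['code']}")
    return "\n".join(lines)


# Constructed sample diff touching a Laravel controller and a React component.
SAMPLE_DIFF = """\
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -10,4 +10,5 @@ class UserController extends Controller
     public function show(Request $request)
     {
-        $user = User::where('email', $request->email)->first();
+        $email = $request->email;
+        $user = DB::select(DB::raw("SELECT * FROM users WHERE email = '$email'"));
         return view('user.show', compact('user'));
diff --git a/resources/js/Profile.tsx b/resources/js/Profile.tsx
--- a/resources/js/Profile.tsx
+++ b/resources/js/Profile.tsx
@@ -1,3 +1,4 @@
 export function Profile({ bio }: { bio: string }) {
-  return <div>{bio}</div>;
+  const API_KEY = process.env.NEXT_PUBLIC_API_KEY;
+  return <div dangerouslySetInnerHTML={{ __html: bio }} />;
 }
"""

if __name__ == "__main__":
    print(format_report(review_diff(SAMPLE_DIFF)))
```

Only added lines are scanned, so a pre-existing `DB::raw` that the change does not touch is out of scope, which matches step 1 (review what `git diff` changed); run the scanner over `git diff` output piped into `review_diff` and treat the Critical bucket as the findings the Validation Loop requires to be reported.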

## Audit Commands

```bash
composer audit          # PHP vulnerabilities
npm audit               # JS vulnerabilities
php artisan route:list  # Check route middleware
```

## Examples

  • "Security review this PR"
  • "Check for OWASP vulnerabilities"
  • "Audit authentication flow"
