{"id":"98833657-b4db-4af9-b0ad-124a21e8bfde","shortId":"Pq6dZD","kind":"skill","title":"review-security","tagline":"Perform a security review using STRIDE threat modeling, OWASP Top 10 analysis, and automated scanning (gosec, govulncheck). Use when the user asks for a security review, threat model, OWASP analysis, or security audit.","description":"# Security Review\n\nStructured security review producing actionable, prioritized findings with code-level references.\n\n## Workflow\n\n### 1. Scope and explore\n\n- Confirm scope with the user: full codebase, specific packages/directories, changed files only (PR or branch diff), or specific concern.\n- **Resolve scope to a file/package list.** Based on what the user requested:\n  - **Changed files (PR or branch):** Run `git diff --name-only --diff-filter=d <base>...HEAD` to get changed files (default `<base>` is `main`). If the user references a PR number, use `gh pr diff <number> --name-only` instead. Filter to relevant file types (`.go`, config files). Derive affected Go packages from the file paths (unique parent directories containing `.go` files).\n  - **Explicit paths/packages:** The user may specify directories (e.g. `internal/auth/`), Go package patterns (e.g. `./internal/auth/...`), or individual files. When given a directory or package pattern, include all files under it. Derive Go package paths for static analysis tool invocations.\n  - **Full codebase:** No filtering. Explore everything (default).\n- **Pass the resolved scope** (file list and derived package paths) to all exploration and investigation subagents so they only read and analyze scoped files. Static analysis tools receive package paths; manual review subagents receive the file list.\n- Explore the scoped code using parallel subagents (`subagent_type=\"explore\"`). Read all relevant source files, configs, and dependency manifests.\n\n### 2. 
System overview\n\nProduce a brief architecture summary covering:\n- Services, ports, and transport (gRPC, HTTP, etc.)\n- Authentication and authorization mechanisms\n- Data stores and external dependencies\n- Deployment model (if discernible)\n\n### 3. Launch investigation subagents in parallel\n\nDetermine which subagents are applicable based on the scoped files:\n- **STRIDE Threat Model**: applicable if code files (`.go`, `.rs`, `.ts`, `.tsx`, `.js`, `.jsx`, `.swift`, `.kt`, `.kts`, `.py`, `.rb`) or infrastructure files (Dockerfiles, k8s manifests, Terraform, CI configs) exist in scope\n- **OWASP Top 10 Analysis**: applicable if code files or infrastructure files exist in scope\n- **Security Static Analysis**: applicable if `.go` files exist in scope\n\nIf only non-code files (e.g. `.md`, images) are in scope, skip all subagents and report that no security-relevant code was found.\n\nLaunch applicable investigation subagents concurrently using the Task tool. Each receives the system overview and list of in-scope files as context.\n\nEvery investigation subagent must check each finding against existing documentation: TODO comments, README notes, FIXME/HACK/XXX comments, and issue tracker references. 
Report tracked findings but mark them accordingly.\n\n**Subagent A — STRIDE Threat Model** (`subagent_type=\"generalPurpose\"`, `model: opus` per `subagent-model-routing` — always on; threat modeling requires design-level reasoning, requires code or infra files)\n\nPrompt the subagent to:\n- Read all in-scope source files.\n- Analyze against all 6 STRIDE categories (see [reference.md](reference.md)).\n- For each finding, search nearby code and project documentation for existing TODOs or notes.\n- Return findings using the **per-category findings** template with S/T/R/I/D/E prefixes.\n- Every finding must include specific file paths, line numbers or function names, a severity rating (CRITICAL / HIGH / MEDIUM / LOW), and tracking status.\n\n**Subagent B — OWASP Top 10 Analysis** (`subagent_type=\"generalPurpose\"`, `model: opus` per `subagent-model-routing` — always on; OWASP analysis requires design-level reasoning, requires code or infra files)\n\nPrompt the subagent to:\n- Read all in-scope source files.\n- Analyze against all 10 OWASP categories A01–A10 (see [reference.md](reference.md)).\n- For each finding, search nearby code and project documentation for existing TODOs or notes.\n- Return findings using the **per-category findings** template with A01–A10 prefixes.\n- Every finding must include specific file paths, line numbers or function names, a severity rating, and tracking status.\n\n**Subagent C — Security Static Analysis** (`subagent_type=\"generalPurpose\"`, `model: sonnet` per `subagent-model-routing` — tool wrangling and output parsing, not threat modeling, requires `.go` files)\n\nPrompt the subagent to run automated security scanning tools via Shell and report findings with `SEC-` prefixed IDs. In each command below, replace `./...` with the resolved package paths when scope is narrowed (e.g. `./internal/auth/...`). Use `./...` only for full-codebase scope.\n- **gosec**: `go run github.com/securego/gosec/v2/cmd/gosec@latest -fmt json -quiet ./...` (in CI, pin `@latest` to a specific version so the scanner itself is reproducible). 
Parse the JSON output (the `Issues` array) for security findings. Map each gosec rule to the relevant STRIDE/OWASP category.\n- **govulncheck**: `go run golang.org/x/vuln/cmd/govulncheck@latest ./...`. Report known vulnerabilities in dependencies from the Go vulnerability database (with CVE/GHSA aliases where listed). govulncheck separates vulnerabilities that have a call path from the scanned packages from informational ones in required modules whose vulnerable code is never called; report the former as findings and mention the latter only in the Tool Availability notes.\n- If a tool fails, skip it but note why in a **Tool Availability** section. A non-zero exit with findings printed is not a failure: gosec exits 1 when it reports issues and govulncheck exits 3 when it finds reachable vulnerabilities.\n- For each finding, search nearby code and project documentation for existing TODOs or notes.\n- Return findings using the **per-category findings** template with `SEC-` prefixed IDs.\n\n### 4. Summarize and deduplicate\n\nAfter all subagents complete, launch a summarization subagent (`subagent_type=\"generalPurpose\"`) with the full findings from each investigation subagent.\n\nPrompt it to:\n1. **Deduplicate** overlapping findings across STRIDE, OWASP, and static analysis.\n2. **Cross-reference** each deduplicated finding to its source IDs.\n3. **Preserve tracking status**. A finding is tracked if any source subagent marked it as tracked.\n4. **Prioritize**. Produce a consolidated findings table ordered by severity.\n5. **Recommend fix order**, considering dependencies between findings and effort estimates.\n6. **Tool Availability summary**. Consolidate from all subagents.\n\n### 5. Present results\n\nResolve the review output directory:\n\n```sh\nREVIEW_DATE=$(date +%Y-%m-%d)\nREVIEW_DIR=\"reviews/${REVIEW_DATE}\"\nif [ -d \"$REVIEW_DIR\" ]; then REVIEW_DIR=\"reviews/${REVIEW_DATE}-$(date +%H%M)\"; fi\nmkdir -p \"$REVIEW_DIR\"\n```\n\nCapture run metadata (see [Run metadata header](#run-metadata-header) below) and prepend the rendered block to `${REVIEW_DIR}/SECURITY-REVIEW.md`.\n\nWrite the summarization output to `${REVIEW_DIR}/SECURITY-REVIEW.md`, structured as:\n1. Run metadata header\n2. Tool availability summary\n3. System overview (from step 2)\n4. Consolidated findings table (with tracking status inline)\n5. 
Recommended fix order\n\nPresent the report to the user.\n\n---\n\n## Run metadata header\n\nCapture once near `REVIEW_DIR` resolution and prepend the rendered block to the output document:\n\n```sh\nRUN_DATETIME=$(date -u +\"%Y-%m-%d %H:%M UTC\")\nGIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)\nGIT_COMMIT=$(git rev-parse --short HEAD)\nGIT_COMMIT_FULL=$(git rev-parse HEAD)\nGIT_SUBJECT=$(git log -1 --pretty=%s)\n# When scope is diff-based, also: BASE_REF=<base>; BASE_COMMIT=$(git rev-parse --short \"$BASE_REF\")\n```\n\nHeader template (placed at the top of the output `.md`, before the H1 title):\n\n```markdown\n> **Run:** {RUN_DATETIME}\n> **Branch:** {GIT_BRANCH} @ {GIT_COMMIT} (`{GIT_COMMIT_FULL}`)\n> **Subject:** {GIT_SUBJECT}\n> **Base:** {BASE_REF} @ {BASE_COMMIT}   <!-- omit when scope is not diff-based -->\n> **Scope:** {scope description}\n```\n\n---\n\n## Finding link wrapping (PR mode)\n\nWhen the review is scoped to a GitHub PR (`pr_url` is provided by the caller, or, when run standalone, `gh pr view --json url -q .url 2>/dev/null` returns one), wrap every `path:line` reference inside the finding tables below as a Markdown link:\n\n```sh\n~/.claude/scripts/pr-deeplink.sh \"$pr_url\" <path> <line>\n# pr_url set   → [path:line](https://github.com/.../pull/N/files#diff-<hash>R<line>)\n# pr_url empty → path:line   (plain text, unchanged)\n```\n\nThe display text stays `path:line` so plain and linked tables look identical; only the URL goes in the link target. Pass `L` as the fourth argument for findings about removed code (default is `R`). Omit `<line>` for file-level findings to get a file-anchor link. Apply the same wrapping to `path:line` references inside the Tracked column (e.g. `TODO in foo.go:42`). 
Findings themselves follow `terse-comments`: concrete fix, optional `bug:`/`risk:`/`nit:`/`unsure:` prefix, no praise or restating the diff.\n\n---\n\n## Output Templates\n\n### Per-category findings\n\n```markdown\n### S — Spoofing Identity\n\n| # | Finding | Severity | Tracked |\n|---|---------|----------|---------|\n| S1 | **Description.** Specific code reference (file:line). Explanation of risk. | CRITICAL | — |\n| S2 | Description with code reference. | MEDIUM | TODO in file:line |\n```\n\n### Consolidated security findings (deduplicated)\n\n```markdown\n| Severity | ID | Finding | STRIDE | OWASP | Tracked |\n|----------|----|---------|--------|-------|---------|\n| CRITICAL | 1 | Description with code references | S1, E1 | A01, A07 | — |\n| HIGH | 2 | Description with code references | T2 | A04 | TODO in file:line |\n```\n\nSeverity levels: **CRITICAL**, **HIGH**, **MEDIUM**, **LOW**.\n\n**Tracked column values:** Use `—` for new findings. For already-captured findings, indicate the type and location: `TODO in file:line`, `FIXME in file:line`, `README`, `#123` (issue reference), etc.\n\n### Re-evaluation table (for follow-up reviews)\n\nWhen the user requests a follow-up review after fixes:\n\n```markdown\n| Finding | Status | What Changed |\n|---------|--------|--------------|\n| ~~1. Description~~ | FIXED | Brief explanation of the fix |\n| 2. 
Description | Still applicable | No changes |\n```\n\n---\n\n## Guidelines\n\n- Search the organization's codebase (Sourcegraph, GitHub) for existing patterns before recommending new approaches.\n- Cross-reference findings between STRIDE and OWASP to avoid duplicate entries in the consolidated table.\n- Include effort estimates to help prioritize implementation.\n- When the user asks for a follow-up review, find the most recent review directory (`ls -d reviews/*/ 2>/dev/null | sed 's#/$##' | LC_ALL=C sort | tail -1`; strip the trailing slash before sorting, because `/` sorts after `-` in the C locale and `reviews/2026-05-18/` would otherwise outrank the later same-day `reviews/2026-05-18-1430/`) containing `SECURITY-REVIEW.md`, re-evaluate all prior findings, and update with the re-evaluation table appended.\n- For detailed framework categories, see [reference.md](reference.md).\n- **REVIEW.md integration**: If a `REVIEW.md` context section was provided by the review-all orchestrator (or exists at the repository root when running standalone), treat its rules as additional review criteria. \"Always check\" items are HIGH severity; domain-specific items (Security section) are MEDIUM severity. \"Skip\" patterns exclude matching files from review scope.\n- Findings must cite probed evidence (`path:line`, grep output, command result), not pattern-matched suspicion. 
Per `~/.claude/rules/probe-not-assume.md`.","tags":["review","security","skill","issue","paultyng","agent-skills","ai-tools","claude-code","cursor","dotfiles"],"capabilities":["skill","source-paultyng","skill-review-security","topic-agent-skills","topic-ai-tools","topic-claude-code","topic-cursor","topic-dotfiles"],"categories":["skill-issue"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/paultyng/skill-issue/review-security","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add paultyng/skill-issue","source_repo":"https://github.com/paultyng/skill-issue","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (10,758 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:02.999Z","embedding":null,"createdAt":"2026-05-18T13:21:28.050Z","updatedAt":"2026-05-18T19:09:02.999Z","lastSeenAt":"2026-05-18T19:09:02.999Z","prices":[{"id":"52c323b7-1348-41aa-872b-58185712a3ba","listingId":"98833657-b4db-4af9-b0ad-124a21e8bfde","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"paultyng","category":"skill-issue","install_from":"skills.sh"},"createdAt":"2026-05-18T13:21:28.050Z"}],"sources":[{"listingId":"98833657-b4db-4af9-b0ad-124a21e8bfde","source":"github","sourceId":"paultyng/skill-issue/review-security","sourceUrl":"https://github.com/paultyng/skill-issue/tree/main/skills/review-security","isPrimary":false,"firstSeenAt":"2026-05-18T13:21:28.050Z","lastSeenAt":"2026-05-18T19:09:02.999Z"}],"details":{"listingId":"98833657-b4db-4af9-b0ad-124a21e8bfde","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"paultyng","slug":"review-security","github":{"repo":"paultyng/skill-issue","stars":8,"topics":["agent-skills","ai-tools","claude-code","cursor","dotfiles"],"license":"mit","html_url":"https://github.com/paultyng/skill-issue","pushed_at":"2026-05-18T18:26:54Z","description":"Personal Claude Code / Cursor agent skills, rules, and 
config","skill_md_sha":"0efbeb5f78c44f5c91712affbae9990a3ad18722","skill_md_path":"skills/review-security/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/paultyng/skill-issue/tree/main/skills/review-security"},"layout":"multi","source":"github","category":"skill-issue","frontmatter":{"name":"review-security","description":"Perform a security review using STRIDE threat modeling, OWASP Top 10 analysis, and automated scanning (gosec, govulncheck). Use when the user asks for a security review, threat model, OWASP analysis, or security audit."},"skills_sh_url":"https://skills.sh/paultyng/skill-issue/review-security"},"updatedAt":"2026-05-18T19:09:02.999Z"}}
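The scope-resolution step (step 1 of the skill's workflow above) is described in prose: take the changed-file list, keep code and config files, and derive the Go packages that static analysis should receive. The following is an added example, not code from the review-security skill or its repository. It turns a `git diff --name-only --diff-filter=d <base>...HEAD` style list into the file list for the manual subagents and exact package paths for gosec and govulncheck. The set of "config file" patterns and the constructed changed-file list are assumptions for this example.

```go
// Added example (not part of the review-security skill): resolve a changed-file
// list into the two scope artefacts step 1 asks for: the filtered file list
// for manual review and the Go package paths for static analysis tools.
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// Scope is what the investigation subagents receive.
type Scope struct {
	Files    []string // code and config files worth reading
	Packages []string // ./dir paths handed to gosec / govulncheck
}

// relevant reports whether a changed file belongs in a security review scope.
// The config-file patterns are an assumption for this example.
func relevant(p string) bool {
	base := path.Base(p)
	switch {
	case strings.HasSuffix(p, ".go"):
		return true
	case base == "go.mod", base == "go.sum", base == "Dockerfile":
		return true
	case strings.HasPrefix(base, "Dockerfile."):
		return true
	}
	switch path.Ext(p) {
	case ".yaml", ".yml", ".tf", ".toml":
		return true
	}
	return false
}

// ResolveScope filters the changed files and derives the unique directories
// containing changed .go files. Packages are exact (./internal/auth, not
// ./internal/auth/...) so unrelated subpackages are not scanned, and a .go
// file at the repository root yields "." rather than "./...".
func ResolveScope(changed []string) Scope {
	var s Scope
	seen := map[string]bool{}
	for _, f := range changed {
		f = path.Clean(f)
		if f == "." || !relevant(f) {
			continue
		}
		s.Files = append(s.Files, f)
		if !strings.HasSuffix(f, ".go") {
			continue
		}
		pkg := "."
		if dir := path.Dir(f); dir != "." {
			pkg = "./" + dir
		}
		if !seen[pkg] {
			seen[pkg] = true
			s.Packages = append(s.Packages, pkg)
		}
	}
	sort.Strings(s.Packages)
	return s
}

func main() {
	// Constructed `git diff --name-only` output; not from a real repository.
	changed := []string{
		"README.md",
		"main.go",
		"internal/auth/token.go",
		"internal/auth/token_test.go",
		"internal/store/user.go",
		"deploy/k8s/deployment.yaml",
		"docs/logo.png",
	}
	s := ResolveScope(changed)
	fmt.Println("files:   ", strings.Join(s.Files, " "))
	fmt.Println("packages:", strings.Join(s.Packages, " "))
}
```

An empty `Packages` list means no `.go` file changed, which is the skill's "skip Security Static Analysis" condition; an empty `Files` list is its "no security-relevant code was found" condition.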
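Subagent C above is told to parse gosec's JSON output and map each rule to a STRIDE/OWASP category, but the skill does not show how. The following is an added example, not code from the review-security skill or from gosec: it reads the `Issues` array of a gosec `-fmt json` report (field names as gosec emits them), drops issues that carry a `#nosec` suppression (those appear in the report only when gosec runs with `-track-suppressions`), assigns a STRIDE letter and OWASP 2021 category from an assumed rule-family mapping, and orders the rows by severity for the `SEC-` table. The mapping table and the embedded report are assumptions for this example; unknown rules are marked `?` so they surface for manual triage instead of being dropped.

```go
// Added example (not part of the review-security skill): parse a gosec JSON
// report and map each issue to STRIDE / OWASP buckets for the SEC- findings
// table. The rule-to-category mapping is an illustrative assumption.
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// gosecReport mirrors the part of gosec's JSON output this example reads.
type gosecReport struct {
	Issues []gosecIssue `json:"Issues"`
}

type gosecIssue struct {
	Severity   string `json:"severity"`
	Confidence string `json:"confidence"`
	RuleID     string `json:"rule_id"`
	Details    string `json:"details"`
	File       string `json:"file"`
	Line       string `json:"line"`
	Nosec      bool   `json:"nosec"`
}

// Finding is one row of the per-category findings table.
type Finding struct {
	ID       string // SEC-1, SEC-2, ...
	Severity string
	STRIDE   string
	OWASP    string
	Ref      string // path:line
	Details  string
}

// ruleCategory is an assumed mapping from gosec rule families to the STRIDE
// letter and OWASP Top 10 (2021) category most often involved.
func ruleCategory(ruleID string) (stride, owasp string) {
	switch {
	case ruleID == "G101": // hardcoded credentials: anyone with the source can impersonate
		return "S", "A07"
	case ruleID == "G104": // unhandled errors: failures go unrecorded
		return "R", "A09"
	case strings.HasPrefix(ruleID, "G2"): // SQL / template / subprocess injection
		return "T", "A03"
	case strings.HasPrefix(ruleID, "G3"): // file permissions and path traversal
		return "I", "A01"
	case strings.HasPrefix(ruleID, "G4"), strings.HasPrefix(ruleID, "G5"): // weak crypto
		return "I", "A02"
	default:
		return "?", "?"
	}
}

// severityRank orders rows; unknown severities sort last rather than first.
func severityRank(s string) int {
	r, ok := map[string]int{"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}[s]
	if !ok {
		return 4
	}
	return r
}

// ParseGosec converts a gosec JSON report into ordered SEC- findings.
func ParseGosec(report []byte) ([]Finding, error) {
	var r gosecReport
	if err := json.Unmarshal(report, &r); err != nil {
		return nil, fmt.Errorf("gosec report: %w", err)
	}
	var out []Finding
	for _, iss := range r.Issues {
		if iss.Nosec { // suppressed in source; review the suppression separately
			continue
		}
		s, o := ruleCategory(iss.RuleID)
		out = append(out, Finding{
			Severity: iss.Severity, STRIDE: s, OWASP: o,
			Ref:     iss.File + ":" + iss.Line,
			Details: iss.RuleID + " " + iss.Details,
		})
	}
	sort.SliceStable(out, func(i, j int) bool {
		return severityRank(out[i].Severity) < severityRank(out[j].Severity)
	})
	for i := range out {
		out[i].ID = fmt.Sprintf("SEC-%d", i+1)
	}
	return out, nil
}

// sampleReport is a constructed gosec report, not real scanner output.
const sampleReport = `{"Golang errors":{},"Issues":[
 {"severity":"MEDIUM","confidence":"HIGH","rule_id":"G104","details":"Errors unhandled","file":"internal/auth/token.go","line":"41","nosec":false},
 {"severity":"HIGH","confidence":"HIGH","rule_id":"G101","details":"Potential hardcoded credentials","file":"internal/auth/token.go","line":"12","nosec":false},
 {"severity":"HIGH","confidence":"MEDIUM","rule_id":"G201","details":"SQL string formatting","file":"internal/store/user.go","line":"77","nosec":true}
],"Stats":{"files":2,"lines":300,"nosec":1,"found":3}}`

func main() {
	findings, err := ParseGosec([]byte(sampleReport))
	if err != nil {
		panic(err)
	}
	fmt.Println("| # | Finding | Severity | STRIDE | OWASP |")
	for _, f := range findings {
		fmt.Printf("| %s | %s (%s) | %s | %s | %s |\n", f.ID, f.Details, f.Ref, f.Severity, f.STRIDE, f.OWASP)
	}
}
```

In the skill's flow the `Ref` column is what the PR-mode link wrapping is applied to, and the STRIDE/OWASP columns are what the summarization subagent uses to cross-reference `SEC-` rows against the S/T/R/I/D/E and A01–A10 findings.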