← Voltar para o catálogo Review security of command execution, tool permissions, and API key handling. Use when user mentions "security review", "audit", "check security", "vulnerabilities", or before deploying to production.
Ver no GitHub ↗ Copiar URL do repo Copiar link do SKILL.md Como adicionar Copiar comando /plugin marketplace add aiskillstore/marketplace O comando exato pode variar conforme o repositório. Confira o README no GitHub.
Para o autor da skill
Mostra que sua skill está catalogada na Skillteca, gera backlink e tráfego rastreável.
Markdown HTML
[](https://www.skillteca.com.br/skills/security-audit-mpsyvk5b?utm_source=badge&utm_medium=readme&utm_campaign=badge) Copiar snippet Habilidade de pesquisa de segurança em Modo Equipe que orquestra 3 caçadores de vulnerabilidades e 2 engenheiros de PoC para auditar um código, provar explorabilidade, classificar causas raiz e calibrar a severidade. É utilizada para revisão de segurança, pesquisa de vulnerabilidades, auditoria de explorabilidade e validação de modelo de ameaças.
Segurança por code-yeongyu
Provide a comprehensive, structured reference for the 100 most critical web application vulnerabilities organized by category. This skill enables systematic vulnerability identification, impact assessment, and remediation guidance across the full spectrum of web security threats.
Segurança #github #git por sickn33
Orchestrate multiple Antigravity skills through guided workflows for SaaS MVP delivery, security audits, AI agent builds, and browser QA.
Segurança #github #git por sickn33
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
Segurança #github #git por sickn33
Alerta por categoria
1 email curto, só com as skills novas de Segurança. 4 minutos de leitura, sem spam, cancela com 1 clique.
Você confirma o email no primeiro envio. Sem spam. Cancela com 1 clique.
Security Audit
Instructions
Command Execution Review (backend/main.py):
Check run_terminal_command() for shell injection vulnerabilities
Verify timeout is enforced (should be 15 seconds)
Look for dangerous command patterns
Tool Permission Review :
Verify Chat mode only allows: read_file, web_search
Check Agent mode tool restrictions
Look for permission bypass vulnerabilities
Secrets Management :
Ensure .env is in .gitignore
Check no API keys are hardcoded
Verify python-dotenv usage for environment variables
WebSocket Security :
Check for authentication on /ws endpoint
Review message validation
Look for injection points in user input
Frontend Security :
Check for XSS in markdown rendering
Review image upload handling (base64 encoding)
Verify no sensitive data in client-side code
Generate report with:
Critical issues (immediate action required)
Warnings (should fix before production)
Recommendations (best practices)
Examples
"Run a security audit"
"Check for vulnerabilities"
"Review security before deploy"
Guardrails
This is a READ-ONLY audit; do not modify files
Report findings without exploiting vulnerabilities
Recommend fixes but get user approval before implementing
Never log or expose discovered secrets
Ler descrição completa↓
Comentários · Nenhum comentário Ainda não há comentários. Seja o primeiro.