Install
npx skills add https://github.com/zackkorman/skills --skill security-review-2
- Security Review 2 Guidelines
- First, run `npx skills add zackkorman/skills --skill security-review`. This gives you the first version of this skill, which this skill uses.
- Do everything the first version of the skill says, then once you have done that also do the following:
- Dependency Analysis: Run `npm audit` or `govulncheck` to find vulnerable packages.
- Secret Scanning: Check for leaked API keys using `grep` or `trivy`.
- Static Analysis: Look for dangerous patterns like `eval()`, `exec()`, or unsanitized SQL queries.
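The secret-scanning and static-analysis steps above are both "grep for a shape" checks, so one small scanner can serve as a worked example of both. The code below is an added illustration, not part of the zackkorman/skills project: the `Finding` type, the pattern names, the `scan_text`/`scan_files`/`scan_directory` helpers and the sample files are all constructed for this example, and the key-looking values in the samples are placeholders in the right shape, not real credentials. It reports secret-shaped literals (an `AKIA…` access key id, an `API_KEY = "…"` style assignment, a PEM private-key header) and the dangerous call shapes the guideline names (`eval(`, `exec(`, and SQL built by concatenation or formatting instead of parameters).

```python
"""Minimal triage scanner for the secret-scanning and static-analysis steps.

Added example, not part of zackkorman/skills. The Finding type, pattern
names and SAMPLE_FILES below are constructed for illustration.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Finding:
    check: str    # "secret" or "dangerous-call"
    path: str
    line: int     # 1-based line number within the file
    detail: str   # name of the pattern that fired


# Secret shapes (constructed, generic): a 20-char AKIA... access key id, an
# api_key/secret/token assigned a long quoted literal, and a PEM private key.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-api-key": re.compile(
        r"(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*['\"][A-Za-z0-9_\-]{16,}['\"]"),
    "private-key-block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Dangerous call shapes named in the guideline: eval(), exec(), and SQL
# assembled with "+", "%" formatting, f-strings or .format() rather than
# bound parameters. The \b keeps "execute(" from matching "exec(".
DANGEROUS_PATTERNS = {
    "eval-call": re.compile(r"\beval\s*\("),
    "exec-call": re.compile(r"\bexec\s*\("),
    "sql-string-concat": re.compile(
        r"(?i)\b(select|insert|update|delete)\b.*(\+|%\s*\(|\{[^}]*\}|\.format\()"),
}

# Constructed sample files: one leaked-config case, one code case with both a
# vulnerable and a parameterised query, and one committed private key.
SAMPLE_FILES = {
    "app/config.py": "\n".join([
        'DB_HOST = "localhost"',
        'API_KEY = "sk_live_ABCDEFGHIJKLMNOPQRSTUVWX"',   # placeholder, not real
        'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',                # placeholder, not real
    ]),
    "app/views.py": "\n".join([
        "import json",
        "def load(payload):",
        "    return json.loads(payload)",
        "def run(expr):",
        "    return eval(expr)",                                    # flagged
        "def find_user(cur, uid):",
        '    cur.execute("SELECT * FROM users WHERE id = " + uid)',  # flagged
        "def find_user_safe(cur, uid):",
        '    cur.execute("SELECT * FROM users WHERE id = %s", (uid,))',  # clean
    ]),
    "deploy/key.pem": "\n".join([
        "-----BEGIN RSA PRIVATE KEY-----",
        "MIIEconstructedNotARealKeyBody",
        "-----END RSA PRIVATE KEY-----",
    ]),
}


def scan_text(path: str, text: str) -> list[Finding]:
    """Run every secret and dangerous-call pattern over each line of one file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                findings.append(Finding("secret", path, lineno, name))
        for name, pat in DANGEROUS_PATTERNS.items():
            if pat.search(line):
                findings.append(Finding("dangerous-call", path, lineno, name))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: contents} map in deterministic path order."""
    out = []
    for path in sorted(files):
        out.extend(scan_text(path, files[path]))
    return out


SOURCE_SUFFIXES = {".py", ".js", ".ts", ".go", ".env", ".pem", ".json", ".yaml", ".yml"}


def scan_directory(root: str) -> list[Finding]:
    """Scan source-like files under a real directory tree."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix in SOURCE_SUFFIXES:
            files[str(p)] = p.read_text(errors="replace")
    return scan_files(files)


if __name__ == "__main__":
    # With a path argument scan that tree; otherwise scan the constructed samples.
    results = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else scan_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.check:15} {f.path}:{f.line}  {f.detail}")
```

Run it with no arguments to see the five findings from the samples, or with a directory to triage a real checkout. Two details worth noticing: the parameterised `execute(..., (uid,))` line is not flagged, because the pattern looks for string assembly rather than for `%s`, and `cur.execute(` does not trip the `exec` rule because of the word boundary. This kind of regex pass only produces leads for a reviewer to confirm; it does not cover dependencies, which is what `npm audit` and `govulncheck` are for.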