Agent skill
security-reviewer
Security review wrapper for vibe review flow. Detects OWASP-style risks, secret leaks, auth flaws, and unsafe input handling.
Install this agent skill to your Project
npx add-skill https://github.com/foryourhealth111-pixel/Vibe-Skills/tree/main/bundled/skills/security-reviewer
SKILL.md
security-reviewer (Codex Compatibility)
Use this skill after code changes that touch input handling, auth, APIs, data access, uploads, payments, or external integrations.
Security Review Workflow
- Initial Scan
  - Locate auth, API endpoints, DB queries, file handling, and external calls.
  - Check for hardcoded secrets and unsafe config defaults.
- OWASP-Oriented Checks
  - Injection: parameterized queries, sanitized inputs.
  - AuthZ/AuthN: enforce authorization per route, secure session/token handling.
  - Data exposure: secrets/PII protection and safe logging.
  - XSS/SSRF: output encoding, URL allowlist, no blind fetch of user-supplied URLs.
  - Dependency risk: audit vulnerable dependencies.
- High-Risk Pattern Audit
  - Hardcoded secrets/tokens
  - Command execution with user input
  - SQL string concatenation
  - Missing auth check
  - Missing rate limiting on sensitive endpoints
  - Unsafe crypto/password handling
- Remediation Output
  - Severity (CRITICAL/HIGH/MEDIUM/LOW)
  - Evidence (file + line + risk)
  - Concrete fix proposal
  - Verification steps after fix
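As an added illustration (not part of this skill or the Vibe-Skills project), a small Python scanner that mechanizes three of the High-Risk Pattern Audit items above and emits findings in the Remediation Output shape. The rule table, the regexes (heuristics, not a substitute for the manual review) and the sample file app.py are all constructed for this example.

```python
import re

SQL_KW = r"\b(?:select|insert|update|delete)\b"
# Constructed rule table for three High-Risk Pattern Audit items:
# (risk, severity, heuristic per-line regex, concrete fix proposal).
RULES = [
    ("Hardcoded secret/token", "CRITICAL",
     re.compile(r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*=\s*['\"][^'\"]{8,}['\"]"),
     "Load the value from an environment variable or secret manager and rotate it."),
    ("Command execution with user input", "HIGH",
     re.compile(r"\b(?:os\.system|subprocess\.(?:call|run|Popen|check_output))\s*\("
                r".*(?:request\.|input\(|argv|shell\s*=\s*True)"),
     "Pass an argument list without shell=True and validate input against an allowlist."),
    ("SQL string concatenation", "HIGH",
     re.compile(rf"(?i)(?:{SQL_KW}.*(?:['\"]\s*\+|\.format\()|f['\"][^'\"]*{SQL_KW})"),
     "Use a parameterized query: placeholders plus a bound parameter tuple."),
]
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]

def scan_source(path, source):
    """Scan one file's text line by line; return findings in the Remediation Output shape."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for risk, severity, pattern, fix in RULES:
            if pattern.search(line):
                findings.append({
                    "severity": severity,
                    "evidence": f"{path}:{lineno}: {risk}",
                    "snippet": line.strip(),
                    "fix": fix,
                    "verify": "Re-run the scan on the patched file and add a test for the fixed path.",
                })
    # CRITICAL findings lead the report; the stable sort keeps line order within a level.
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))

# Constructed sample source mixing risky and safe lines (not a real project file).
SAMPLE = '''\
API_KEY = "sk_live_0123456789abcdef"
DB_TOKEN = os.environ["DB_TOKEN"]
def lookup(cur, name, uid):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")
    cur.execute("SELECT * FROM users WHERE id = %s", (uid,))
def ping(request):
    subprocess.run("ping " + request.args["host"], shell=True)
'''

if __name__ == "__main__":
    for f in scan_source("app.py", SAMPLE):
        print(f"[{f['severity']}] {f['evidence']}\n    Fix: {f['fix']}\n    Verify: {f['verify']}")
```

The safe lines (the environment lookup and the parameterized query) produce no finding, which is the check a reviewer wants before trusting any heuristic rule.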
Vibe Integration
- Security gate skill usable at any grade.
- Pair with security-best-practices for language/framework-specific guidance.
- Pair with code-review for combined correctness + security review.