bk-monitor-security-audit
对前端代码进行安全审计,检测 XSS、CSRF 等漏洞。当用户请求代码审查或询问代码安全性时使用。
76
Quality
70%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./bcs-services/bcs-project-manager/.cursor/skills/bk-monitor-security-audit/SKILL.md前端代码安全审计
触发场景
- 代码提交/审查请求
- 询问代码安全性/漏洞
- 涉及 DOM 操作、URL 处理、用户输入
- 提及 XSS、CSRF、注入等安全关键词
审计检查清单
- DOM 操作安全性(innerHTML、v-html)
- URL/重定向安全
- 跨域通信安全(postMessage)
- 动态代码执行(eval)
- 敏感信息处理
- 原型污染/ReDoS
工作流程
- 读取代码文件
- 按检查清单逐项审计
- 按 report-template.md 输出报告
📦 可用资源
skill://bk-monitor-security-audit/references/audit-rules.mdskill://bk-monitor-security-audit/references/report-template.mdskill://bk-monitor-security-audit/references/security-checklist.md
📦 可用资源
skill://bk-monitor-security-audit/references/audit-rules.mdskill://bk-monitor-security-audit/references/report-template.mdskill://bk-monitor-security-audit/references/security-checklist.md
根据 SKILL.md 中的 IF-THEN 规则判断是否需要加载
- Repository
- TencentBlueKing/bk-bcs
- Commit
b08ac38
- Last updated
- Created
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.