CtrlK
BlogDocsLog inGet started
Tessl Logo

security-review

Comprehensive security code review workflow for a target repository, producing a markdown report with findings and recommendations.

47

Quality

50%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

Fix and improve this skill with Tessl

tessl review fix ./sources/skills/security-review/SKILL.md
SKILL.md
Quality
Evals
Security

Security Review

When to use

  • Use for a full codebase security review with prioritized findings, remediation guidance, and a formal report.

Inputs

  • Target repository path (first argument after invocation).
    • Example: $security-review /path/to/repo
  • Security knowledge base source:
    • Rules are sourced from Project CodeGuard, an open-source, model-agnostic security framework by CoSAI/OASIS.

If the repo path is missing or unclear, ask the user for it before proceeding.

Workflow

  1. Load the security knowledge base from Project CodeGuard

    • First read the Security_Code_Reviewer_Guidelines.md file bundled with this skill. Use its purpose and rule-loading strategy to guide the review.

    • Load all core security rules from Project CodeGuard:

      https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/core

      These are mandatory foundational rules that must be loaded for every review.

    • Load relevant OWASP rules for the detected tech stack from:

      https://github.com/cosai-oasis/project-codeguard/tree/main/sources/rules/owasp

      Only load OWASP rules that match the target repository's technology stack.

  2. Perform deep code analysis

    • Review the repository line by line.
    • Focus on: injection flaws, authn/authz, hardcoded secrets, crypto misuse, SSRF, path traversal, RCE vectors, XSS/CSRF, unsafe deserialization, insecure defaults/configuration, and supply chain issues.
  3. Produce the report in markdown.

Report requirements

  • Executive Summary
    • Total findings by severity (Critical/High/Medium/Low/Info)
    • Top 5 most critical issues
    • Overall security posture
  • Detailed Findings (for each issue)
    • Title, Severity, Rule Reference(s), Location, Code Snippet
    • Description, Impact, Remediation (with examples), References
  • Findings by Category
  • Recommendations
    • Immediate actions, short-term (1-3 months), long-term improvements, tooling/process suggestions
  • Appendix
    • Files reviewed, rules applied/coverage, methodology notes

Output

  • Save the report to:
    • ./security_report/sec_review_<repo-name>_<YYYY-MM-DD_HH-mm-ss>.md
    • Use the target repo folder name for <repo-name> and replace spaces with -.
    • Write to the security_report folder in the current working directory.
Repository
cosai-oasis/project-codeguard
Last updated
Created

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.