
patch-advisor

Recommends the specific code change to remediate a detected vulnerability by dispatching on CWE to the matching Project CodeGuard rule's prescribed fix pattern. Use after a finding has been confirmed and located, when the user asks how to fix a vulnerability, or when generating remediation PRs.

Install with Tessl CLI

npx tessl i github:santosomar/general-secure-coding-agent-skills --skill patch-advisor

94

Quality: 92% (does it follow best practices?)

Impact: Pending (no eval scenarios have been run)


Patch Advisor

This skill delegates to Project CodeGuard for remediation patterns. Every CodeGuard rule includes an "Implementation Checklist" and concrete before→after code; this skill is the CWE→rule→fix lookup.

Upstream: https://github.com/cosai-oasis/project-codeguard/tree/main/skills/software-security

Dispatch (CWE → CodeGuard rule → fix section)

| CWE | CodeGuard rule | Fix pattern |
|-----|----------------|-------------|
| 89  | codeguard-0-input-validation-injection | PreparedStatement / parameterized query examples |
| 78  | codeguard-0-input-validation-injection | ProcessBuilder / structured-exec + arg allow-list |
| 79  | codeguard-0-client-side-web-security | Context-aware encoding, DOMPurify, Trusted Types |
| 502 | codeguard-0-xml-and-serialization | yaml.safe_load, ObjectInputStream allow-list, TypeNameHandling=None |
| 611 | codeguard-0-xml-and-serialization | disallow-doctype-decl, DtdProcessing.Prohibit, defusedxml |
| 22  | codeguard-0-file-handling-and-uploads | Canonicalize-then-prefix-check; value allow-list |
| 798 | codeguard-1-hardcoded-credentials | KMS/vault extraction; env injection at runtime |
| 327 | codeguard-1-crypto-algorithms | Algorithm substitution table (MD5→SHA-256, AES-ECB→AES-GCM) |
| 862 | codeguard-0-authorization-access-control | User-scoped query; middleware enforce; DTO allow-list |

Workflow

  1. Take CWE + language from the upstream finding.
  2. Look up the rule; extract the fix pattern for that language.
  3. Emit: the minimal diff, the rule ID it satisfies, and the rule's test-plan line for verification.
  4. If the CWE isn't in the table, fall back to the CodeGuard language→rules map and apply the closest rule's Implementation Checklist.
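The following is an added example, not code from this skill or from Project CodeGuard. It shows three of the fix patterns in the dispatch table (CWE-89 parameterized query, CWE-78 structured exec with an argument allow-list, CWE-22 canonicalize-then-prefix-check) as Python before/after pairs, and a small CWE-keyed dispatcher in the shape of the workflow above. The rule IDs come from the table; the allow-list contents, the demo database rows, the "verification" strings and the stand-in tool invoked for CWE-78 are assumptions made for the example.

```python
"""Added example: three dispatch-table fix patterns plus a CWE->rule->fix
dispatcher. Not the skill's or Project CodeGuard's code; demo data, the
allow-list and the verification strings are assumptions."""
import os
import sqlite3
import subprocess
import sys
import tempfile


# CWE-89: parameterized query instead of string concatenation ----------------
def seed_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",)])
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Before: the caller's string becomes part of the SQL text.
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_fixed(conn: sqlite3.Connection, username: str) -> list:
    # After: the value is bound as a parameter and cannot alter the query.
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# CWE-78: structured exec (argv list, no shell) plus an argument allow-list ---
ALLOWED_TARGETS = {"localhost", "127.0.0.1"}   # assumption: the app's own list


def run_tool_vulnerable(target: str) -> None:
    # Before: shell=True hands `target` to the shell, so "; id" is executed.
    subprocess.run(f"ping -c 1 {target}", shell=True)  # never call with user input


def run_tool_fixed(target: str) -> str:
    if target not in ALLOWED_TARGETS:
        raise ValueError(f"target not in allow-list: {target!r}")
    # Argv form: `target` arrives as a single argument, metacharacters and all.
    # A Python one-liner stands in for the real tool so this runs anywhere.
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", target],
        capture_output=True, text=True, check=True)
    return proc.stdout.strip()


# CWE-22: canonicalize, then prefix-check against the allowed base ------------
def demo_base_dir() -> str:
    return os.path.join(tempfile.gettempdir(), "uploads")  # need not exist


def resolve_upload_path(base_dir: str, user_path: str) -> str:
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when user_path is absolute; realpath then
    # resolves "..", symlinks and the absolute case alike before the check.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # Trailing separator so a sibling such as ".../uploads2" is not a match.
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return candidate


def rejects(fn, *args) -> bool:
    """True when the hardened function refuses the input with ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Dispatch in the shape of the workflow: CWE -> (rule ID, fix, verification) --
REMEDIATIONS = {
    89: ("codeguard-0-input-validation-injection", lookup_user_fixed,
         "injection payload returns no rows"),
    78: ("codeguard-0-input-validation-injection", run_tool_fixed,
         "metacharacter-laden argument is rejected"),
    22: ("codeguard-0-file-handling-and-uploads", resolve_upload_path,
         "'../' and absolute paths are rejected"),
}


def advise(cwe: int):
    """(rule_id, fixed_function, verification) or None, meaning step 4's
    fallback to the language->rules map applies (not modelled here)."""
    return REMEDIATIONS.get(cwe)


if __name__ == "__main__":
    conn = seed_demo_db()
    payload = "x' OR '1'='1"
    print("before:", lookup_user_vulnerable(conn, payload))  # both rows leak
    print("after: ", lookup_user_fixed(conn, payload))       # []
    print(run_tool_fixed("127.0.0.1"), rejects(run_tool_fixed, "127.0.0.1; id"))
    print(rejects(resolve_upload_path, demo_base_dir(), "../../etc/passwd"))
    print(advise(89)[0])
```

The before/after pairs are the part a remediation PR would carry; the dispatcher only illustrates what step 3 emits (rule ID, fix, verification line) and returns None where step 4's fallback to the CodeGuard language→rules map would take over.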
Repository
santosomar/general-secure-coding-agent-skills
