PlaygroundCatalog › Security Review
SR

Security Review

🔵 Stable🕐 updated 2026-07-01 🔷 SkillSpec L3 pm-security

Review a design, PR, or feature for security issues before it ships. Use when asked to do a security review, security-review a change/PR, or check a feature for vulnerabilities. Produces a structured review across the common risk areas (authn/authz, input handling, secrets, data exposure, dependencies), findings ranked by severity with concrete fixes, and a ship / fix-first verdict. For code and systems you own or are authorized to review.

▶ Run it free — no key needed 📝 Grade your existing draft View SKILL.md ↗

What to give it

What's under review — the design/diff/feature, and what it does.
Context — the stack, where it runs, what data/permissions it touches, who can reach it (internet-facing? authenticated?).
Sensitivity — the assets involved (PII, credentials, money, admin capability) and the threat context.

✅ The bar it holds itself to

Every skill in this library self-verifies — these are this skill's own quality checks, straight from its definition.

Every standard risk area is considered (authz incl. IDOR, input/injection, secrets, data exposure, deps, abuse)
Findings are ranked by severity with a concrete, actionable fix each
Exploitability is explained — why it's a real issue in this context, not a generic warning
A clear ship / fix-first / block verdict names the gating issues
Existing good controls are acknowledged; deeper follow-ups (scanner/pentest) are flagged

⚠️ What it refuses to do

Do not produce a generic checklist — tie each finding to this code/design and its exploit path
Do not rank everything the same — separate critical from hardening nits
Do not report an issue without a fix — give the concrete remediation
Do not miss authorization (IDOR/privilege) — it's the most common real-world web flaw
Do not review code you don't own or aren't authorized to assess

Install

npx pm-claude-skills add --agent claude   # or codex · cursor · gemini · hermes
# or one-line MCP (every skill, any client):
claude mcp add pm-skills -- npx -y pm-claude-skills-mcp

Related skills

🔌 Embed this skill

Drop this on your blog, docs, or site — it renders a "Run this skill" card:

<div data-pm-skill="security-review"></div>
<script src="https://mohitagw15856.github.io/pm-claude-skills/embed.js" async></script>

💬 Discussion

Security Review is one of 599 open-source professional AI agent skills — all SkillSpec L3. Try them all in the browser · ⭐ Star on GitHub · Browse the full catalog