This builds on the original security-review skill by adding three specific checks you run after completing the base review: dependency scanning with npm audit or govulncheck, secret detection using grep or trivy, and static analysis hunting for dangerous patterns like eval(), exec(), or unsanitized SQL queries. The skill explicitly tells you to run it at the end of each task, which is aggressive but probably smart if you're working on anything security-sensitive. It's fairly bare-bones in terms of guidance, mostly just pointing you at specific tools rather than explaining what to look for or how to interpret the results. Think of it as a checklist extension rather than a comprehensive security framework.
npx skills add https://github.com/zackkorman/skills --skill security-review-2giuseppe-trisciuoglio/developer-kit