Structured security review of skills, deployment plans, and live setups — credential hygiene, injection vectors, blast radius, and failure mode analysis.
Acts as a senior cybersecurity analyst performing a structured security review. It evaluates your skills, deployment plans, or live configurations against a 7-category checklist covering credential hygiene, write operation safety, data boundaries, blast radius controls, failure cascading, input validation, and operational resilience.
Beyond individual checks, it assesses 10 common failure modes — structural patterns like automation without circuit breakers, implicit trust in LLM output, credential sprawl, and orphaned state — that create systemic risk over time. A second independent agent validates the findings so nothing gets missed.
Point it at any SKILL.md and it reads the skill, every file it references, and the underlying scripts. It checks for drift between documentation and implementation: for example, the SKILL.md says "always dry-run first" but the script has no dry-run flag.
Evaluates infrastructure plans for credential exposure, network boundary gaps, missing environment guards, and operational procedures that could fail under pressure.
Reviews live configurations, running services, exposed endpoints, and permission setups. Identifies what's already at risk in production.
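The documentation/implementation drift check described above, as an added example that is not the skill's own code. It assumes the claims to verify are backticked `.sh`/`.py` paths and `--flag` tokens in the SKILL.md; the function names, the sample SKILL.md and the sample script are constructed.

```python
import re

# Constructed sample inputs (not taken from any real skill).
SKILL_MD = """\
# deploy-helper
Always dry-run first: run `scripts/deploy.sh --dry-run` before any write.
Production writes require `--confirm`.
Cleanup is handled by `scripts/cleanup.py`.
"""
FILES = {  # path -> source of the scripts that actually exist
    "scripts/deploy.sh": (
        '#!/bin/sh\ncase "$1" in\n  --confirm) CONFIRM=1 ;;\nesac\n'
        "kubectl apply -f manifests/\n"
    ),
}

# Assumption: scripts are referenced as backticked paths ending in .sh or .py.
PATH_RE = re.compile(r"`([\w./-]+\.(?:sh|py))[^`]*`")
# Assumption: documented options look like --long-flag.
FLAG_RE = re.compile(r"(?<![\w-])--[a-z][a-z0-9-]*")


def has_flag(source, flag):
    """True if the flag appears as a whole token in the script source."""
    pattern = r"(?<![\w-])" + re.escape(flag) + r"(?![\w-])"
    return re.search(pattern, source) is not None


def find_drift(skill_md, files):
    """Return (kind, path, flag) findings where the docs promise more than the code has."""
    findings = []
    for line in skill_md.splitlines():
        paths = PATH_RE.findall(line)
        flags = list(dict.fromkeys(FLAG_RE.findall(line)))
        for path in paths:
            if path not in files:
                findings.append(("missing-file", path, None))
        present = [p for p in paths if p in files]
        for flag in flags:
            if paths:
                # Flag documented next to a script: that script must implement it.
                for path in present:
                    if not has_flag(files[path], flag):
                        findings.append(("missing-flag", path, flag))
            elif not any(has_flag(src, flag) for src in files.values()):
                # Flag documented on its own: some script must implement it.
                findings.append(("missing-flag", None, flag))
    return findings
```

A token match only shows that the flag is mentioned in the script, not that it gates the write, so a hit still needs a manual read of the code path.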
Reads the SKILL.md, plan, or config — plus every file it references. For skills, reads the actual script source code, not just the documentation of what it does.
Systematically checks credential hygiene, write operation safety, data boundaries, blast radius controls, failure cascading, input validation, and operational resilience. Each finding gets a severity rating.
Evaluates structural patterns: alert fatigue amplification, automation without circuit breakers, implicit trust in LLM output, security theater, credential sprawl, log poisoning, orphaned state, blast radius ignorance, doc/implementation drift, and insufficient audit trails.
Spawns a second agent with no prior context to independently review the same artifact. Catches blind spots, validates remediations, and flags disagreements with the first pass.
Merges both passes into a prioritized report with risk summary, detailed findings, failure mode assessment, and actionable remediation steps.
A markdown report saved to output/reviews/ with risk summary, categorized findings (Critical/High/Medium/Low), failure mode assessment table, second-pass validation, and consolidated recommendations.
Clone the repo and start using this skill in under 60 seconds.