reviewPre-commit review
Read-only findings with precise evidence, impact, verification limits, and residual risk.
Whole-project security review skill
Map the repository, require source evidence, repair validated findings only when authorized, verify the result, and report scoped coverage and residual risk.
Security review with an explicit operating contract.
Command surface
Secure routes normal security requests without fragmenting behavior across separate installs.
reviewRead-only findings with precise evidence, impact, verification limits, and residual risk.
diff-reviewSecurity review of a PR, commit, branch, staged change, or working tree and its reachable dependencies.
auditA broader pass across auth, config, secrets, CORS, CSRF, storage, webhooks, abuse cost, and fail-open behavior.
threat-modelActors, assets, trust boundaries, inputs, sinks, abuse cases, and required controls before implementation.
fixRepairs validated findings only after explicit authorization, then adds focused regression coverage.
verifyRuns relevant tests and rescans, then reports status, coverage, blockers, and remaining risk.
Use secure. Audit this app before production:
C:\path\to\projectReview this project before commit.
Focus on production and security issues.npx skills add usesecure/secure-skill --skill secureVersioned v2 evaluation
Ten raw repositories pair vulnerable and safe controls across TypeScript, Python, Go, Rust, and Java. Matched runs share the same model, settings, prompt, and response contract.
Held-out fixes passed.
Safe-control false positives: 0%.
Model: gpt-5.6-sol
Reasoning: medium
Matched review runs: 24
Detection: 100% in both conditions
Safe-control false positives: 0%
Fix correctness: 5/5 vs 4/5
Activation trials: 3
Positive activation: 100%
False activation: 0%
Scope: this small, versioned suite only.Operational loop
Walk local text within explicit limits and produce a bounded map of routes, risky flows, and capability clusters.
Follow input to sink. A scanner match stays a lead until source proves the guard, scope, and side effect.
Fix the broken security rule—not only the local symptom—after explicit authorization.
Run focused tests, broader checks, and the failure-class scan again. Report residual risk honestly.
Interpretation limits
The fixtures test a small set of invariants—not complete application security or general model quality.
Held-out fixes passed. Mean review tokens: 69,441.
Held-out fixes passed. Mean review tokens: 132,447.
The public report links every fixture, scoring rule, transcript, and held-out fix result. The older 21-case Node.js fixture remains a structural baseline, not a universal score.
Intent router
Users do not need to memorize commands. Secure reads intent, chooses the right operating mode, and stays inside its authorization boundary.
Read-only review for a repository or scoped path. Secure maps capabilities, inspects high-risk source, confirms issues from code, and returns findings first.
A bounded review of the selected change plus the minimum security-critical dependencies needed to judge it safely.
A broader assessment that adds deployment-sensitive checks such as secrets, CORS, CSRF, logs, rate limits, provider calls, and fail-open behavior.
Authorized remediation that confirms findings, patches by invariant, verifies, rescans, and reports unresolved or blocked work.
Design-time mapping of actors, assets, trust boundaries, sensitive sinks, abuse cases, and required controls.
Focused retesting of exploit paths and the related failure class without turning narrow evidence into a whole-project claim.
Review methods
Security surface
Capability and reachability matter more than friendly names.
Demo headers, client-provided identity, weak sessions, middleware order, and role confusion.
Cross-tenant reads, writes, deletes, exports, background jobs, and signed access.
Policy fields flowing from payloads into DTOs, ORMs, mappers, and update calls.
Uploads, object keys, bucket visibility, signed URLs, previews, and delete paths.
Forms, AI calls, PDF rendering, email, queues, quotas, webhooks, and rate limits.
Secrets, fail-open defaults, noisy logs, provider errors, CORS, CSRF, and blockers.
Multi-language by invariant
Controllers, middleware, guards, policies, and voters all answer the same question: does the control dominate the sink?
Secure mode
Secure never claims a project is fully secure. It reports findings, verified repairs, blockers, and residual risk.
Use secure to review C:\path\to\projectVerified, unverified, retest-failed, blocked, and residual-risk states stay visible.
Ready to use
A self-contained skill with instructions, references, local scanners, and UI metadata.
npx skills add usesecure/secure-skill --skill secureUse secure. Review this project before commit,
focused on production and security issues:
C:\path\to\projectUse secure. Fix confirmed Critical and High findings,
verify, rescan, and report fix coverage.