SEC

Whole-project security review skill

Secure

Map the repository, require source evidence, repair validated findings only when authorized, verify the result, and report scoped coverage and residual risk.

  • 24matched review runs
  • 5/5held-out fixes with Secure
  • 0%safe-control false positives
01 Read-only by default02 Source-backed findings03 Authorized fixes only

Security review with an explicit operating contract.

  • ✓ Local scanners never upload source
  • ✓ Verification stays scoped
  • ✓ Residual risk remains visible

Command surface

One canonical skill.

Secure routes normal security requests without fragmenting behavior across separate installs.

review

Pre-commit review

Read-only findings with precise evidence, impact, verification limits, and residual risk.

diff-review

Change-set review

Security review of a PR, commit, branch, staged change, or working tree and its reachable dependencies.

audit

Production readiness

A broader pass across auth, config, secrets, CORS, CSRF, storage, webhooks, abuse cost, and fail-open behavior.

threat-model

Design-time security

Actors, assets, trust boundaries, inputs, sinks, abuse cases, and required controls before implementation.

fix

Authorized remediation

Repairs validated findings only after explicit authorization, then adds focused regression coverage.

verify

Focused verification

Runs relevant tests and rescans, then reports status, coverage, blockers, and remaining risk.

Direct command
Use secure. Audit this app before production:
C:\path\to\project
Natural language
Review this project before commit.
Focus on production and security issues.
Canonical install
npx skills add usesecure/secure-skill --skill secure

Versioned v2 evaluation

Measured, not universal.

Ten raw repositories pair vulnerable and safe controls across TypeScript, Python, Go, Rust, and Java. Matched runs share the same model, settings, prompt, and response contract.

With Secure5/5

Held-out fixes passed.
Safe-control false positives: 0%.

Model: gpt-5.6-sol
Reasoning: medium
Matched review runs: 24
Detection: 100% in both conditions
Safe-control false positives: 0%
Fix correctness: 5/5 vs 4/5
Activation trials: 3
Positive activation: 100%
False activation: 0%

Scope: this small, versioned suite only.

Operational loop

From repository map to verified fixes.

  1. 01

    Map compactly

    Walk local text within explicit limits and produce a bounded map of routes, risky flows, and capability clusters.

  2. 02

    Confirm from source

    Follow input to sink. A scanner match stays a lead until source proves the guard, scope, and side effect.

  3. 03

    Patch the invariant

    Fix the broken security rule—not only the local symptom—after explicit authorization.

  4. 04

    Verify and rescan

    Run focused tests, broader checks, and the failure-class scan again. Report residual risk honestly.

Interpretation limits

Evidence has a boundary.

The fixtures test a small set of invariants—not complete application security or general model quality.

Without Secure4/5

Held-out fixes passed. Mean review tokens: 69,441.

With Secure5/5

Held-out fixes passed. Mean review tokens: 132,447.

What was controlled

  • Raw targets exclude answer keys, manifests, verifiers, and skill context.
  • Both conditions use the same model, effort, prompt, and schema.
  • Five safe controls measure false positives separately.
  • Activation classification is repeated and scored separately.

Raw evidence

The public report links every fixture, scoring rule, transcript, and held-out fix result. The older 21-case Node.js fixture remains a structural baseline, not a universal score.

Intent router

Natural requests. Concrete flows.

Users do not need to memorize commands. Secure reads intent, chooses the right operating mode, and stays inside its authorization boundary.

Review“review this project”, “before I commit”+

Read-only review for a repository or scoped path. Secure maps capabilities, inspects high-risk source, confirms issues from code, and returns findings first.

Output: Evidence-backed findings, verification limits, coverage, and residual risk.
Diff review“review this PR”, “inspect my changes”+

A bounded review of the selected change plus the minimum security-critical dependencies needed to judge it safely.

Output: Introduced risks, reachable dependencies, delta-specific verification, and scope.
Audit“is this safe to deploy?”, “production readiness”+

A broader assessment that adds deployment-sensitive checks such as secrets, CORS, CSRF, logs, rate limits, provider calls, and fail-open behavior.

Output: Production blockers, operational risks, remediation order, and unreviewed areas.
Fix“fix the security issues”, “make it production ready”+

Authorized remediation that confirms findings, patches by invariant, verifies, rescans, and reports unresolved or blocked work.

Output: Changed files, fixed findings, blockers, verification status, and fix coverage.
Threat model“before building this feature”, “what can go wrong?”+

Design-time mapping of actors, assets, trust boundaries, sensitive sinks, abuse cases, and required controls.

Output: Threat map, guards, validation rules, test targets, and rollout risks.
Verify“verify the fix”, “what risk remains?”+

Focused retesting of exploit paths and the related failure class without turning narrow evidence into a whole-project claim.

Output: Verified, unverified, retest-failed, blocked, or not-applicable status.

Review methods

Trace behavior, not filenames.

R1

Repository map

  • Routes, handlers, jobs, webhooks, and public forms.
  • Auth, tenant scope, storage, billing, AI, and admin clusters.
  • Risk-led local orientation within explicit limits.
C1

Semantic confirmation

  • Follow untrusted input through guards to sensitive sinks.
  • Separate broken invariants into atomic findings.
  • Reject naming bias from “safe”, “preview”, or “public”.
T1

Proof and tests

  • Focused regression tests for the exploit path.
  • Typecheck, build, targeted searches, and rescan.
  • Explicit blockers, coverage, and remaining risk.

Security surface

Built around real failure modes.

Capability and reachability matter more than friendly names.

Auth and role trust

Demo headers, client-provided identity, weak sessions, middleware order, and role confusion.

Tenant and owner scope

Cross-tenant reads, writes, deletes, exports, background jobs, and signed access.

Mass assignment

Policy fields flowing from payloads into DTOs, ORMs, mappers, and update calls.

Storage boundaries

Uploads, object keys, bucket visibility, signed URLs, previews, and delete paths.

Public abuse paths

Forms, AI calls, PDF rendering, email, queues, quotas, webhooks, and rate limits.

Release readiness

Secrets, fail-open defaults, noisy logs, provider errors, CORS, CSRF, and blockers.

Multi-language by invariant

One review model. Many stacks.

Controllers, middleware, guards, policies, and voters all answer the same question: does the control dominate the sink?

  • JavaScript
  • TypeScript
  • Python
  • Java
  • Kotlin
  • .NET
  • C#
  • Go
  • Ruby
  • PHP
  • Rust
  • SQL

Secure mode

Fix confirmed risk. Prove what changed.

Secure never claims a project is fully secure. It reports findings, verified repairs, blockers, and residual risk.

Use secure to review C:\path\to\project
Fix coverageScoped and explicit

Verified, unverified, retest-failed, blocked, and residual-risk states stay visible.

Ready to use

Drop it into Codex skills.

A self-contained skill with instructions, references, local scanners, and UI metadata.

01

Install

npx skills add usesecure/secure-skill --skill secure
02

Review prompt

Use secure. Review this project before commit,
focused on production and security issues:
C:\path\to\project
03

Hardening prompt

Use secure. Fix confirmed Critical and High findings,
verify, rescan, and report fix coverage.