On this page
Security Review Skill
Design a reusable security review skill for AI agents with threat scope, safe inputs, output format, governance controls, and quality gates.
12 min readWhat This Skill Does
Target user
Security, platform, and engineering teams reviewing AI-agent code changes or workflow changes.
Search intent
Find a safe pattern for using agent skills to review security risk without exposing secrets or granting remediation authority.
Use When
- A diff touches auth, permissions, secrets, data flows, network calls, dependency boundaries, or user-controlled input.
- A security team wants consistent review reports before a human sign-off.
- A team needs lightweight threat modeling for agent-produced changes.
Do Not Use When
- The agent needs production credentials or private customer data to complete the review.
- The desired output is exploit code or instructions for unauthorized systems.
- The workflow would automatically remediate vulnerabilities without human approval.
Required Inputs
- Diff, design note, or workflow artifact under review.
- Threat model or security checklist.
- Auth, data-classification, and logging policy references.
- Known dependencies, trust boundaries, and public endpoints.
Expected Outputs
- Security findings with severity, affected path, and exploitability rationale.
- Rejected false positives with reasoning.
- Required mitigations or follow-up work items.
- Explicit statement of remaining uncertainty.
A security review skill gives an AI agent a narrow, auditable procedure for reviewing authorized code or workflow changes for security risk.
It should produce evidence for a human reviewer, not act as a penetration-testing free-for-all or an automatic vulnerability remediator.
Security Review Workflow
Skill example
Start by confirming the review target is authorized. Then identify data flows, trust boundaries, authentication checks, user-controlled inputs, dependency boundaries, logging behavior, and outputs that may expose sensitive data.
The strongest reports explain why a risk matters and what minimum mitigation is needed. They do not dump broad exploit recipes or speculate beyond the available evidence.
Skill Folder and SKILL.md Outline
Skill example
A safe security review skill separates security policy references from the main workflow. The main SKILL.md should focus on scope, process, output shape, and refusal boundaries.
Do not include runnable exploit scripts in the skill folder. Use policy, checklist, and report templates instead.
Suggested Folder Files
SKILL.md - review scope, safety boundaries, output format, and escalation rules.
references/threat-model.md - approved threat categories and severity rubric.
references/secure-coding-checklist.md - auth, input validation, output encoding, secrets, and logging checks.
templates/security-review.md - report structure for findings and accepted risk.
Illustrative SKILL.md outline
---
name: security-review
description: Review authorized code or workflow changes for security regressions, data exposure, auth gaps, injection risk, and unsafe agent behavior.
---
1. Confirm the review target is authorized and inside the current repository or work item.
2. Identify trust boundaries, user-controlled inputs, secrets, auth checks, and sensitive outputs.
3. Report plausible vulnerabilities with severity, path, evidence, and mitigation.
4. Avoid exploit instructions beyond the minimum needed to explain risk.
5. Stop and escalate if the task asks for credentials, unauthorized targets, or automatic remediation.No unsafe executable examples
Platform Compatibility Notes
Skill example
Platform-specific permission systems matter more for security review than for most skills. A skill that can run shell commands, access external systems, or read secrets changes the risk profile.
Keep platform notes explicit so teams do not assume Claude, Codex, OpenCode, and OpenClaw enforce the same boundaries.
Platform Compatibility Notes
Claude Code: avoid broad allowed-tools grants; security review skills should not silently run destructive tools.
Codex: keep standing security policy in AGENTS.md and load the security review skill for task-specific review procedure.
OpenCode: set experimental or internal security skills to ask until trust is established.
OpenClaw: protect skills.entries env and apiKey values from prompts, transcripts, and examples.
Governance Controls
Skill example
Security review skills should always leave an audit trail: target artifact, active policy version, findings, accepted-risk decisions, and reviewer sign-off.
For high and critical findings, the output should create or reference remediation work rather than hiding the fix inside the review workflow.
Governance Controls
Limit scope to authorized code and approved work items.
Create follow-up work items for remediation instead of silently patching.
Record review evidence, severity, and accepted-risk decisions.
Require human security sign-off before closing high-risk findings.
Quality Checklist
Every finding states the trust boundary and affected asset.
The report distinguishes confirmed issues from hypotheses.
No secrets, tokens, or private customer data appear in output.
Unsafe or unauthorized requests are refused and escalated.
Govern the security review skill through tracked work
VibeFlow ties reusable agent skills to work items, execution logs, commits, security review, QA, and durable context so teams can see which workflow influenced each change.
Ready to get started?
See how Axiom Studio can transform your AI infrastructure with enterprise-grade governance, security, and cost optimization.
Contact UsContinue Learning
Agent Skill Security
The broader risk model for reusable agent skills.
Code Review Skill
A general review workflow that can hand off security-specific concerns.
OpenClaw Skills
Platform notes for skills, secrets, and gating.
What is AI Security?
Enterprise AI security controls and threat modeling.
What Are Agent Skills?
The hub guide for SKILL.md packages and reusable agent workflows.