security-guardian


Security Guardian Skill

Capabilities

  • Secrets scanning: identify hard-coded API keys, tokens and passwords.
  • Injection detection: identify potential SQL injection and XSS risks.
  • Unauthorized access detection: check whether an API is missing the required session check or role check.
  • Dependency auditing: check package.json for insecure packages.

Instructions

  1. Mandatory auditing: whenever a change touches server/api, the calls into server/utils/permission.ts must be checked.
  2. Sensitive operation control: deletions and updates of sensitive data get a double audit.
  3. Uncertainty reporting: if it cannot be determined whether a piece of logic is safe, the user must be asked to verify it manually.
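The four capabilities and the first instruction all reduce to static checks over changed files, so here is one worked audit that performs them, added as an example and not part of the skill or of the project it guards. The regexes are illustrative rules, the sample files and package.json are constructed, the file names under server/api follow the Nuxt naming convention as an assumption, and requireSession / requireRole are assumed names for the helpers in server/utils/permission.ts (the skill only says calls into that module must be checked).

```typescript
// Added example, not the skill's own code: a small static audit covering the
// four capabilities plus the mandatory server/api authorisation check.
// Assumptions: the regexes are illustrative rules; requireSession / requireRole
// are assumed names for helpers exported by server/utils/permission.ts.

export interface Finding {
  file: string;
  line: number; // 0 = whole-file finding
  rule: string;
  message: string;
}

// Credential-looking identifier assigned a long quoted literal.
const SECRET_RE = /\b(?:api[_-]?key|secret|token|password|[A-Z_]*KEY)\s*[:=]\s*['"][A-Za-z0-9_\-]{12,}['"]/i;
// SQL statement literal immediately followed by string concatenation.
const SQL_CONCAT_RE = /['"`]\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^'"`]*['"`]\s*\+/i;
// Raw HTML sinks (DOM property and Vue directive).
const XSS_SINK_RE = /\.innerHTML\s*=|v-html\s*=/;
// Assumed helper names exported by server/utils/permission.ts.
const PERMISSION_CALL_RE = /\b(?:requireSession|requireRole)\s*\(/;

export function scanSource(file: string, text: string): Finding[] {
  const findings: Finding[] = [];
  text.split("\n").forEach((line, i) => {
    const n = i + 1;
    if (SECRET_RE.test(line)) findings.push({ file, line: n, rule: "hardcoded-secret", message: "credential literal in source" });
    if (SQL_CONCAT_RE.test(line)) findings.push({ file, line: n, rule: "sql-injection", message: "SQL built by string concatenation" });
    if (XSS_SINK_RE.test(line)) findings.push({ file, line: n, rule: "xss-sink", message: "unescaped HTML sink" });
  });
  // Mandatory audit: every handler under server/api must call a permission helper.
  if (file.startsWith("server/api/") && !PERMISSION_CALL_RE.test(text)) {
    findings.push({ file, line: 0, rule: "missing-authz", message: "no session/role check from server/utils/permission.ts" });
  }
  return findings;
}

// Dependency audit: flag dependencies whose version (range prefix stripped) is on a denylist.
export function auditDependencies(pkgJson: string, denylist: Record<string, string[]>): string[] {
  const pkg = JSON.parse(pkgJson) as { dependencies?: Record<string, string>; devDependencies?: Record<string, string> };
  const deps: Record<string, string> = Object.assign({}, pkg.dependencies || {}, pkg.devDependencies || {});
  const flagged: string[] = [];
  for (const name of Object.keys(deps)) {
    const bare = deps[name].replace(/^[\^~]/, "");
    if ((denylist[name] || []).indexOf(bare) !== -1) flagged.push(`${name}@${deps[name]}`);
  }
  return flagged;
}

export function runAudit(files: Record<string, string>): Finding[] {
  let all: Finding[] = [];
  for (const f of Object.keys(files)) all = all.concat(scanSource(f, files[f]));
  return all;
}

// Constructed inputs standing in for a pull request; none of this is real project code.
export const SAMPLE_FILES: Record<string, string> = {
  "server/api/users/[id].delete.ts": [
    "export default defineEventHandler(async (event) => {",
    "  const id = getRouterParam(event, 'id');",
    "  await db.query(\"DELETE FROM users WHERE id = \" + id);",
    "  return { ok: true };",
    "});",
  ].join("\n"),
  "server/api/admin/stats.get.ts": [
    "export default defineEventHandler(async (event) => {",
    "  await requireRole(event, 'admin');",
    "  return db.query('SELECT count(*) FROM orders');",
    "});",
  ].join("\n"),
  "server/utils/payments.ts": 'const STRIPE_KEY = "EXAMPLE_NOT_A_REAL_KEY_0123";',
};
// Constructed package.json and denylist; the package names are placeholders.
export const SAMPLE_PACKAGE_JSON = '{"dependencies":{"example-insecure-pkg":"^1.2.3","example-fine-pkg":"2.0.0"}}';
export const SAMPLE_DENYLIST: Record<string, string[]> = { "example-insecure-pkg": ["1.2.3"] };
```

Running runAudit over SAMPLE_FILES reports the concatenated DELETE statement and the missing permission call in the first handler and the literal key in payments.ts, while the admin handler, which calls requireRole and uses a fixed query, produces nothing. Whole-file findings such as missing-authz carry line 0, since the problem is an absence rather than a line.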

Usage Example

Input: "Review this login logic." Action: check that a secure password hash is used, that rate limiting is in place, and that passwords are not written to the logs.
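To make the three checks in the usage example concrete, here is a login routine written to pass all of them, added as an example rather than taken from the skill or the project. It uses Node's built-in scrypt as the password hash, an in-memory per-account limiter, and an audit log that records outcomes but never the credential; the user store, the 5-attempts-per-minute limit and the scrypt output length are assumptions chosen for the example.

```typescript
// Added example, not the skill's own code: a login routine shaped to satisfy the
// review's three checks (secure hashing, rate limiting, no passwords in logs).
// The store, limiter and log are in-memory stand-ins; limits are assumptions.
import { scryptSync, randomBytes, timingSafeEqual } from "node:crypto";

interface StoredUser { salt: Buffer; hash: Buffer }
const users = new Map<string, StoredUser>();
export const auditLog: string[] = [];

// Check 1: salted, memory-hard KDF instead of a bare MD5/SHA digest.
export function registerUser(username: string, password: string): void {
  const salt = randomBytes(16);
  users.set(username, { salt, hash: scryptSync(password, salt, 64) });
}

// Check 2: per-account sliding window, 5 attempts per minute (assumed limit).
const WINDOW_MS = 60000;
const MAX_ATTEMPTS = 5;
const attempts = new Map<string, number[]>();
function rateLimited(username: string, now: number): boolean {
  const recent = (attempts.get(username) || []).filter((t) => now - t < WINDOW_MS);
  recent.push(now);
  attempts.set(username, recent);
  return recent.length > MAX_ATTEMPTS;
}

export type LoginResult = "ok" | "invalid" | "rate_limited";

// `now` is injectable so the limiter can be exercised deterministically.
export function login(username: string, password: string, now: number = Date.now()): LoginResult {
  if (rateLimited(username, now)) {
    auditLog.push(`login rate_limited user=${username}`); // Check 3: outcome only, never the password
    return "rate_limited";
  }
  const user = users.get(username);
  // Run the KDF even for unknown users so timing does not reveal which accounts exist.
  const salt = user ? user.salt : Buffer.alloc(16);
  const candidate = scryptSync(password, salt, 64);
  const ok = user !== undefined && timingSafeEqual(candidate, user.hash);
  auditLog.push(`login ${ok ? "ok" : "invalid"} user=${username}`);
  return ok ? "ok" : "invalid";
}

// Clears the in-memory state so the routine can be exercised repeatedly.
export function resetState(): void {
  users.clear();
  attempts.clear();
  auditLog.length = 0;
}
```

Each of the three review points maps to one visible decision in the code: the KDF call in registerUser, the window check at the top of login, and the two auditLog lines, which carry the username and result only. Reviewing a real handler against this skill means confirming those same three decisions are present, not matching this code.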