security-review

用于架构设计与代码实现阶段的安全审查，识别威胁、漏洞与合规风险。

来源

GitHub

更新于

2026-06-07

// 安全评估低风险

仅提示词，不执行代码
开源可审计

正在进行安全审计…

凭证密钥
网络外发
代码执行
数据访问
来源供应链

// 安装

复制安装指令，让 AI 自动完成配置 · 推荐新手

请帮我安装 askskill 上的 "security-review" 技能：
1. 下载 https://raw.githubusercontent.com/microsoft/devsquad-copilot/main/.github/plugins/devsquad/skills/security-review/SKILL.md
2. 保存为 ~/.claude/skills/security-review/SKILL.md
3. 装好后重载技能，告诉我可以用了

// 下载

下载 SKILL.md机读安装清单 ↗

// 用法示例

评审新系统架构安全性

输入

请以架构安全审查模式评估这个系统设计：用户通过 Web 前端访问 API 网关，后端包含身份认证服务、订单服务和 PostgreSQL 数据库，部署在 Azure 上，并通过第三方支付接口处理付款。请按 STRIDE 分析主要威胁、指出高风险设计点，并给出缓解建议，不要做泛泛的代码质量评论。

预期产出

输出按威胁类别整理的架构安全风险清单、风险等级及对应缓解方案。

审查代码实现中的安全问题

输入

请以代码安全审查模式检查以下 API 实现，重点关注认证授权、输入校验、敏感信息泄露、依赖风险和常见 OWASP 漏洞，并给出需要修改的代码位置与修复建议：
[在这里粘贴代码或 Pull Request 说明]

预期产出

输出具体安全缺陷列表、受影响代码点、风险说明及可执行修复建议。

结合平台与依赖告警做安全复核

输入

请结合以下信息做一次安全复核：GitHub Security Alerts 显示两个高危依赖漏洞，Azure 部署配置启用了公有访问存储，项目还处理用户个人信息。请判断哪些问题最紧急，分别属于实现问题还是架构问题，并给出修复优先级与处置顺序。

预期产出

输出按优先级排序的问题清单，并区分架构层与实现层的处置建议。

// 文档

Security Review

Security Principles

Principle	Application
CIA Triad	Confidentiality, Integrity, Availability in every assessment
Defense in Depth	Multiple layers; never rely on a single control
Least Privilege	Minimum permissions for each component
Secure by Default	Default configurations must be secure
Zero Trust	Never trust, always verify
Shift Left	Detect issues early in design, not in production

Mode Detection

Determine the operating mode from the calling agent's context:

Architectural Mode (called from plan):

Handoff from the plan agent after ADR creation
Feature involves: auth, sensitive data, external APIs, payments

Code Mode (called from implement or review):

Handoff from the implement agent after implementation
Reference to specific files or diff

Architectural Mode (Design Security)

When to Execute

This mode is mandatory when the feature involves:

Trigger	Description
Authentication/Authorization	Access control, identity, permissions
Sensitive data	Information requiring protection (credentials, personal data)
External integrations	Communication with systems outside the trust boundary
Exposed endpoints	Interfaces accessible by users or external systems
Data persistence	Storage of information that crosses boundaries

Execution Flow

Read design artifacts:
- plan.md - Stack and architecture
- docs/architecture/decisions/*.md - ADRs
- spec.md - Requirements and user stories

Identify attack surface:

## Attack Surface

| Component | Exposure | Data | Initial Risk |
|-----------|----------|------|--------------|
| [endpoint] | [public/internal] | [data type] | [low/medium/high] |

Map trust boundaries:
- Where does data cross trust boundaries?
- Which components are external vs internal?
- Where is authentication/authorization applied?

Apply STRIDE (simplified):

Threat	Question	Typical Control
Spoofing	Can someone impersonate another?	Strong authentication
Tampering	Can data be altered?	Integrity, signatures
Repudiation	Can actions be denied?	Logging, audit trail
Info Disclosure	Can data leak?	Encryption, ACLs
Denial of Service	Can the system be taken down?	Rate limiting, quotas
Elevation	Can privileges be escalated?	Least privilege, RBAC

Evaluate ADRs:
- Do technology decisions have security implications?
- Are there known vulnerabilities in the chosen technologies?
- Are default configurations secure?
- For Microsoft/Azure technologies: Use microsoft_docs_search to check security best practices and known service vulnerabilities
- Use microsoft_docs_fetch to get the complete security hardening guide when a relevant gap is identified
Validate Azure compliance:
- Use the azure/policy tool to verify whether the proposed infrastructure complies with the organization's policies
- Use the azure/role tool to verify whether the access model follows least privilege (RBAC)
- Use the azure/wellarchitectedframework tool for each Azure service in the architecture to get the security pillar guidance
- Include found violations as findings in the security report
- If policies block services proposed in the ADRs, record as a High finding

Generate report:

# Security Review - [Feature]

**Mode**: Architectural
**Date**: [date]
**Reviewer**: Copilot Security Agent

## Executive Summary

**Verdict**: [APPROVED | APPROVED_WITH_CONTROLS | BLOCKED]

[Summary in 2-3 sentences of the overall risk and main concerns]

## Attack Surface

[Components table]

## STRIDE Analysis

…

查看完整文档 ↗