omk-security-review
Security review for secrets, authentication, authorization, injection, unsafe shell commands, dependency risk, and sensitive file edits.
git clone --depth 1 https://github.com/dmae97/open-multi-agent-kit /tmp/omk-security-review && cp -r /tmp/omk-security-review/templates/skills/kimi/omk-security-review ~/.claude/skills/omk-security-reviewSKILL.md
## Security Review Use this for auth, API, database, shell, deployment, file upload, secrets, or dependency changes. ## Check - Secret leakage - `.env` modification - Hardcoded tokens - SQL/NoSQL injection - Command injection - XSS - CSRF - Broken authorization - Unsafe file path handling - Insecure dependency usage - Over-broad permissions - Dangerous shell commands ## Protected Files Treat these as protected: ```txt .env .env.* *.pem *.key id_rsa id_ed25519 credentials.json service-account*.json ``` ## Output ```txt Security verdict: Critical: High: Medium: Low: Required fixes: ```
Persistent memory, recall, session replay, and memory-governance workflow adapted from rohitg00/agentmemory for OMK. Use when setting up agent memory, deciding what to remember, importing/replaying sessions, reducing repeated context, or auditing memory safety.
Minimal, goal-driven, surgical coding workflow adapted from forrestchang/andrej-karpathy-skills for OMK. Use for coding, refactoring, debugging, and review tasks where assumptions, overengineering, or broad edits could cause regressions.
Legal workflow drafting, triage, review, research planning, legal operations, law-student or clinic support, and legal AI governance adapted from Anthropic claude-for-legal. Use for commercial, privacy, product, corporate, employment, regulatory, AI governance, IP, litigation, legal-clinic, and law-student tasks. Draft-only; attorney review and current source verification required.
Real-engineering alignment, shared-language, TDD, diagnosis, and architecture-review workflow adapted from mattpocock/skills for OMK. Use before non-trivial implementation, ambiguous product work, debugging loops, test-first changes, or codebase architecture cleanup.
Managed-agent teamwork, issue assignment, progress tracking, reusable-skill compounding, and handoff workflow adapted from multica-ai/multica for OMK. Use when coordinating multiple agents, converting work into agent-ready tasks, tracking blockers, or turning repeated solutions into skills.
Review AdaptOrch, OMK, and similar DAG multi-agent orchestration frameworks. Use when assessing DAG node responsibility, dependency edges, worker write authority, fallback/retry/timeout/evidence gates, review/merge boundaries, or reproducible decision traces.
Optional read-only OMK web/social/video research workflow inspired by Panniantong/Agent-Reach. Use for web search, current social evidence, YouTube/Bilibili/Reddit/Twitter/X/RSS/GitHub public research, and Agent Reach availability checks without auto-installing or collecting credentials.
Backend API review for NestJS, Express, FastAPI, database access, validation, auth, error handling, and API contracts.