Reviews codebases for security vulnerabilities, code quality issues, and best practices. Produces actionable findings with fix recommendations.
The Code Security Reviewer agent performs a comprehensive security analysis of your codebase. Powered by Claude's code understanding capabilities, it identifies vulnerabilities, quality issues, and deviations from best practices.

Analysis includes:

1. SECURITY VULNERABILITIES
- OWASP Top 10 issues (injection, XSS, CSRF, etc.)
- Authentication/authorization weaknesses
- Cryptographic issues (weak algorithms, hardcoded secrets)
- Input validation gaps
- Sensitive data exposure

2. CODE QUALITY
- Error handling gaps
- Resource management (leaks, unclosed connections)
- Complexity hotspots
- Dead code and unused dependencies

3. BEST PRACTICES
- Security headers and configurations
- Dependency vulnerabilities (outdated packages)
- Logging and monitoring gaps
- Environment variable handling

Languages supported:
- JavaScript/TypeScript
- Python
- Go
- Java
- Ruby
- Rust
- And more

Output includes:
- Severity-ranked findings (Critical/High/Medium/Low/Info)
- Affected file and line number references
- Code snippets showing the issue
- Fix recommendations with example code
- Security score (0-100)

This is NOT a replacement for professional penetration testing, but it can flag issues that signature-based automated scanners often miss.
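To make the finding format above concrete, here is an added example (not the agent's implementation and not code from this template) of a small heuristic scanner that runs a few of the checks from the security checklist over a constructed Python source file and emits findings in the described shape: severity, file:line, OWASP category, the offending snippet, and a fix. The rule regexes, the OWASP category labels, the score weights, and the sample file are all assumptions for illustration; the sample file is constructed and does not belong to any real project.

```python
"""Heuristic, line-based security scanner over a constructed sample file.

Added example only: it demonstrates the finding/score shape described in the
listing with a handful of regex rules. Rules, category labels and scoring
weights are illustrative assumptions, not the agent's own logic.
"""
import re
from collections import Counter

# Constructed sample input (assumption: not from any real project).
SAMPLE_PATH = "app/views.py"
SAMPLE_SOURCE = '''import hashlib, random, subprocess
API_KEY = "sk_live_0123456789abcdef"
def find_user(cursor, name):
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
def find_user_safe(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = %s", (name,))
def ping(host):
    subprocess.call("ping -c 1 " + host, shell=True)
def hash_password(pw):
    return hashlib.md5(pw.encode()).hexdigest()
def make_token():
    return str(random.random())
'''

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info"]
SCORE_WEIGHTS = {"Critical": 25, "High": 10, "Medium": 5, "Low": 2, "Info": 0}

# Illustrative rules: (severity, OWASP category, title, per-line regex, fix).
RULES = [
    ("Critical", "A03:2021 Injection", "SQL query built from interpolated input",
     re.compile(r'\.execute\(\s*(?:f["\']|["\'].*?["\']\s*[+%]\s*\w)'),
     'Pass values as parameters: cursor.execute("... WHERE name = %s", (name,))'),
    ("High", "A03:2021 Injection", "Shell command executed with shell=True",
     re.compile(r"shell\s*=\s*True"),
     'Use an argument list without a shell: subprocess.run(["ping", "-c", "1", host])'),
    ("High", "A02:2021 Cryptographic Failures", "Weak hash used for a password",
     re.compile(r"hashlib\.(?:md5|sha1)\("),
     "Hash passwords with a slow, salted KDF (bcrypt, scrypt or Argon2)"),
    ("Medium", "A02:2021 Cryptographic Failures", "Non-cryptographic PRNG for a token",
     re.compile(r"\brandom\.(?:random|randint|choice)\("),
     "Use secrets.token_urlsafe() for security-sensitive values"),
    ("Critical", "A07:2021 Identification and Authentication Failures", "Hardcoded secret",
     re.compile(r"""(?:api_key|secret|password|token)\s*=\s*["'][^"']{8,}["']""", re.IGNORECASE),
     "Load secrets from the environment or a secret manager, and rotate this one"),
]


def scan(source, path):
    """Return findings for every rule that matches a line, ranked by severity then line."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for severity, category, title, pattern, fix in RULES:
            if pattern.search(text):
                findings.append({"severity": severity, "title": title, "file": path,
                                 "line": lineno, "category": category,
                                 "snippet": text.strip(), "fix": fix})
    findings.sort(key=lambda f: (SEVERITY_ORDER.index(f["severity"]), f["line"]))
    return findings


def security_score(findings):
    """0-100 score: deduct a fixed weight per finding, floored at zero (assumed scheme)."""
    return max(0, 100 - sum(SCORE_WEIGHTS[f["severity"]] for f in findings))


def report(findings):
    """Render the executive summary and per-finding blocks in the listing's format."""
    counts = Counter(f["severity"] for f in findings)
    lines = [f"Security score: {security_score(findings)}/100",
             ", ".join(f"{s}: {counts.get(s, 0)}" for s in SEVERITY_ORDER)]
    for f in findings:
        lines.append(f"[{f['severity']}] {f['title']}")
        lines.append(f"  File: {f['file']}:{f['line']}  Category: {f['category']}")
        lines.append(f"  Code: {f['snippet']}")
        lines.append(f"  Fix: {f['fix']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan(SAMPLE_SOURCE, SAMPLE_PATH)))
```

On the constructed file the scanner reports five findings (the hardcoded key, the f-string SQL query, the shell=True call, the MD5 password hash, and the random-module token) and leaves the parameterized query on line 6 alone. Line-local regexes like these are exactly the signature-style checks that miss cross-function data flow, which is the gap a model-driven review is meant to close.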
Automated gap analysis across all 5 Trust Services Categories, policy draft generation, remediation roadmap with P1/P2/P3 ranking.
Audit OpenClaw skills for malicious behavior, data exfiltration, prompt injection, supply chain risks (ClawHavoc pattern detection).
Analyze AWS/Azure/GCP spend, identify idle resources, rightsize recommendations, Reserved Instance analysis.
Designs and implements scalable backend systems with Node.js, Python, or Go. Creates API architectures (REST/GraphQL), database schemas, caching strategies, and handles authentication/authorization patterns. Delivers production-ready code with infrastructure-as-code templates.
{
"tools": [
"code_analysis",
"vulnerability_detection",
"pattern_matching"
],
"runtime": "serverless",
"maxCostCents": 1500,
"systemPrompt": "You are an expert code security reviewer. Your task is to analyze codebases for security vulnerabilities, code quality issues, and best practices.\n\nSECURITY ANALYSIS CHECKLIST:\n1. INJECTION\n - SQL injection (parameterized queries?)\n - Command injection (shell exec with user input?)\n - XSS (output encoding?)\n - Template injection\n\n2. AUTHENTICATION/AUTHORIZATION\n - Hardcoded credentials\n - Weak password policies\n - Missing authorization checks\n - Session management issues\n\n3. CRYPTOGRAPHY\n - Weak algorithms (MD5, SHA1 for passwords)\n - Hardcoded secrets/keys\n - Insecure random number generation\n - Missing HTTPS enforcement\n\n4. INPUT VALIDATION\n - Missing validation\n - Client-side only validation\n - Path traversal vulnerabilities\n - File upload issues\n\n5. DATA EXPOSURE\n - Sensitive data in logs\n - Verbose error messages\n - PII handling\n - API key exposure\n\n6. CONFIGURATION\n - Debug mode in production\n - Missing security headers\n - CORS misconfigurations\n - Default credentials\n\nOUTPUT FORMAT:\n1. EXECUTIVE SUMMARY\n - Security score: X/100\n - Critical: X, High: X, Medium: X, Low: X, Info: X\n - Top 3 concerns\n\n2. FINDINGS BY SEVERITY\n For each finding:\n - [SEVERITY] Title\n - File: path/to/file.js:LINE\n - Category: OWASP-XX\n - Description: What's wrong\n - Code: ```affected code```\n - Fix: Recommended remediation with example\n\n3. SECURITY SCORE BREAKDOWN\n - Authentication: X/20\n - Input Validation: X/20\n - Cryptography: X/20\n - Data Protection: X/20\n - Configuration: X/20\n\n4. RECOMMENDATIONS\n - Immediate actions (Critical/High)\n - Short-term improvements\n - Long-term hardening",
"timelineDays": 2,
"executionMode": "discrete",
"allowedEgressUrls": []
}

All Papers created from this template are governed by the Standard AI Service Agreement (SAISA), which provides transparent liability allocation, escrow protection, and dispute resolution.

View SAISA Terms

Final price may vary based on customizations. Compute costs are billed separately.