Harness-engineering harness-security-review
name: harness-security-review
install
source · Clone the upstream repo
git clone https://github.com/Intense-Visions/harness-engineering
manifest:
agents/skills/claude-code/harness-security-review/skill.yaml
source content
# Manifest for the harness-security-review skill: declares its triggers, target
# platforms, tool list, CLI and MCP entry points, phases and discovery metadata.
# NOTE(review): line breaks and nesting were restored from a flattened listing;
# confirm against the upstream skill.yaml, in particular the mcp.input block.
name: harness-security-review
# Quoted so the version stays a string rather than being typed by the parser.
version: "1.0.0"
description: Deep security audit with OWASP baseline and stack-adaptive analysis
stability: static
cognitive_mode: meticulous-implementer
# NOTE(review): on_pr presumably starts the skill on pull requests, in which
# case the content under review can come from an untrusted contributor and
# should be treated as data, never as instructions to the agent.
triggers:
  - manual
  - on_pr
platforms:
  - claude-code
  - gemini-cli
  - cursor
  - codex
# NOTE(review): presumably the tool allow-list for the agent; confirm how the
# harness enforces it. Bash, Write and Edit go beyond what a read-only review
# needs (Read, Glob, Grep). If the on_pr trigger runs with these, text inside
# the reviewed change could steer the agent into running commands or modifying
# files. Consider a read-only tool set for on_pr runs, or run them in a sandbox
# without repository write access or secrets.
tools:
  - Bash
  - Read
  - Write
  - Edit
  - Glob
  - Grep
cli:
  command: harness skill run harness-security-review
  # All three arguments are optional.
  args:
    # NOTE(review): confirm the runner keeps this path inside the intended
    # workspace; nothing in this manifest constrains it.
    - name: path
      description: Project root path
      required: false
    - name: deep
      description: Enable threat modeling phase
      required: false
    - name: scope
      description: "Scope mode: 'changed-files' or 'full'. Auto-detected from PipelineContext when omitted."
      required: false
mcp:
  tool: run_skill
  input:
    skill: harness-security-review
    # "string" reads as a type placeholder for the path input, not a literal
    # value; confirm against the harness schema.
    path: string
type: rigid
tier: 3
# Only the review phase is required. Per the descriptions below, the mechanical
# scanner is skipped in changed-files mode and the report is skipped in
# pipeline mode.
# NOTE(review): if on_pr runs resolve to changed-files scope, pull requests get
# the AI review without the deterministic scanner as a cross-check; confirm
# that a separate scanner covers that path.
phases:
  - name: scan
    description: Run mechanical security scanner (skipped in changed-files mode)
    required: false
  - name: review
    description: AI-powered security review (OWASP + stack-adaptive)
    required: true
  - name: threat-model
    description: Lightweight threat model from codebase graph
    required: false
  - name: report
    description: Generate findings report with remediation guidance (skipped in pipeline mode)
    required: false
# No persistent state and no state files are declared.
state:
  persistent: false
  files: []
keywords:
  - security-audit
  - OWASP
  - vulnerability
  - threat-model
  - injection
  - XSS
  - authentication
  - authorization
  - security-scan
  - remediation
  - CVE
  - secrets
  - supply-chain
stack_signals:
  - nodejs
  - python
  - go
  - java
  - react
  - nextjs
  - docker
  - api
# No dependencies are declared; the skills below are listed as related only.
depends_on: []
related_skills:
  - owasp-auth-patterns
  - owasp-injection-prevention
  - owasp-xss-prevention
  - owasp-security-headers
  - security-threat-modeling-stride
  - security-threat-modeling-process
  - security-zero-trust-principles
  - security-audit-log-design
  - security-injection-families