[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-985b4de6-d278-4bae-a95d-7d0beac59c9a":3,"$fsCMLMoFlWS-RcdSW5h_sM9ZrUXtG7_hvW7kGYUrU69w":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"985b4de6-d278-4bae-a95d-7d0beac59c9a","differential-review","Security-focused code review for PRs, commits, and diffs.","cat_life_career","mod_other","sickn33,other","---\nname: differential-review\ndescription: \"Security-focused code review for PRs, commits, and diffs.\"\nrisk: unknown\nsource: community\n---\n\n# Differential Security Review\n\nSecurity-focused code review for PRs, commits, and diffs.\n\n## When to Use\n- You need a security-focused review of a PR, commit range, or diff rather than a general code review.\n- The changes touch auth, crypto, external calls, value transfer, permissions, or other high-risk logic.\n- You need findings backed by code evidence, attack scenarios, and an explicit report artifact.\n\n## Core Principles\n\n1. **Risk-First**: Focus on auth, crypto, value transfer, external calls\n2. **Evidence-Based**: Every finding backed by git history, line numbers, attack scenarios\n3. **Adaptive**: Scale to codebase size (SMALL\u002FMEDIUM\u002FLARGE)\n4. **Honest**: Explicitly state coverage limits and confidence level\n5. 
**Output-Driven**: Always generate comprehensive markdown report file\n\n---\n\n## Rationalizations (Do Not Skip)\n\n| Rationalization | Why It's Wrong | Required Action |\n|-----------------|----------------|-----------------|\n| \"Small PR, quick review\" | Heartbleed was 2 lines | Classify by RISK, not size |\n| \"I know this codebase\" | Familiarity breeds blind spots | Build explicit baseline context |\n| \"Git history takes too long\" | History reveals regressions | Never skip Phase 1 |\n| \"Blast radius is obvious\" | You'll miss transitive callers | Calculate quantitatively |\n| \"No tests = not my problem\" | Missing tests = elevated risk rating | Flag in report, elevate severity |\n| \"Just a refactor, no security impact\" | Refactors break invariants | Analyze as HIGH until proven LOW |\n| \"I'll explain verbally\" | No artifact = findings lost | Always write report |\n\n---\n\n## Quick Reference\n\n### Codebase Size Strategy\n\n| Codebase Size | Strategy | Approach |\n|---------------|----------|----------|\n| SMALL (\u003C20 files) | DEEP | Read all deps, full git blame |\n| MEDIUM (20-200) | FOCUSED | 1-hop deps, priority files |\n| LARGE (200+) | SURGICAL | Critical paths only |\n\n### Risk Level Triggers\n\n| Risk Level | Triggers |\n|------------|----------|\n| HIGH | Auth, crypto, external calls, value transfer, validation removal |\n| MEDIUM | Business logic, state changes, new public APIs |\n| LOW | Comments, tests, UI, logging |\n\n---\n\n## Workflow Overview\n\n```\nPre-Analysis → Phase 0: Triage → Phase 1: Code Analysis → Phase 2: Test Coverage\n    ↓              ↓                    ↓                        ↓\nPhase 3: Blast Radius → Phase 4: Deep Context → Phase 5: Adversarial → Phase 6: Report\n```\n\n---\n\n## Decision Tree\n\n**Starting a review?**\n\n```\n├─ Need detailed phase-by-phase methodology?\n│  └─ Read: methodology.md\n│     (Pre-Analysis + Phases 0-4: triage, code analysis, test coverage, blast radius)\n│\n├─ Analyzing HIGH 
RISK change?\n│  └─ Read: adversarial.md\n│     (Phase 5: Attacker modeling, exploit scenarios, exploitability rating)\n│\n├─ Writing the final report?\n│  └─ Read: reporting.md\n│     (Phase 6: Report structure, templates, formatting guidelines)\n│\n├─ Looking for specific vulnerability patterns?\n│  └─ Read: patterns.md\n│     (Regressions, reentrancy, access control, overflow, etc.)\n│\n└─ Quick triage only?\n   └─ Use Quick Reference above, skip detailed docs\n```\n\n---\n\n## Quality Checklist\n\nBefore delivering:\n\n- [ ] All changed files analyzed\n- [ ] Git blame on removed security code\n- [ ] Blast radius calculated for HIGH risk\n- [ ] Attack scenarios are concrete (not generic)\n- [ ] Findings reference specific line numbers + commits\n- [ ] Report file generated\n- [ ] User notified with summary\n\n---\n\n## Integration\n\n**audit-context-building skill:**\n- Pre-Analysis: Build baseline context\n- Phase 4: Deep context on HIGH RISK changes\n\n**issue-writer skill:**\n- Transform findings into formal audit reports\n- Command: `issue-writer --input DIFFERENTIAL_REVIEW_REPORT.md --format audit-report`\n\n---\n\n## Example Usage\n\n### Quick Triage (Small PR)\n```\nInput: 5 file PR, 2 HIGH RISK files\nStrategy: Use Quick Reference\n1. Classify risk level per file (2 HIGH, 3 LOW)\n2. Focus on 2 HIGH files only\n3. Git blame removed code\n4. Generate minimal report\nTime: ~30 minutes\n```\n\n### Standard Review (Medium Codebase)\n```\nInput: 80 files, 12 HIGH RISK changes\nStrategy: FOCUSED (see methodology.md)\n1. Full workflow on HIGH RISK files\n2. Surface scan on MEDIUM\n3. Skip LOW risk files\n4. Complete report with all sections\nTime: ~3-4 hours\n```\n\n### Deep Audit (Large, Critical Change)\n```\nInput: 450 files, auth system rewrite\nStrategy: SURGICAL + audit-context-building\n1. Baseline context with audit-context-building\n2. Deep analysis on auth changes only\n3. Blast radius analysis\n4. Adversarial modeling\n5. 
Comprehensive report\nTime: ~6-8 hours\n```\n\n---\n\n## When NOT to Use This Skill\n\n- **Greenfield code** (no baseline to compare)\n- **Documentation-only changes** (no security impact)\n- **Formatting\u002Flinting** (cosmetic changes)\n- **User explicitly requests quick summary only** (they accept risk)\n\nFor these cases, use standard code review instead.\n\n---\n\n## Red Flags (Stop and Investigate)\n\n**Immediate escalation triggers:**\n- Removed code from \"security\", \"CVE\", or \"fix\" commits\n- Access control modifiers removed (onlyOwner, internal → external)\n- Validation removed without replacement\n- External calls added without checks\n- High blast radius (50+ callers) + HIGH risk change\n\nThese patterns require adversarial analysis even in quick triage.\n\n---\n\n## Tips for Best Results\n\n**Do:**\n- Start with git blame for removed code\n- Calculate blast radius early to prioritize\n- Generate concrete attack scenarios\n- Reference specific line numbers and commits\n- Be honest about coverage limitations\n- Always generate the output file\n\n**Don't:**\n- Skip git history analysis\n- Make generic findings without evidence\n- Claim full analysis when time-limited\n- Forget to check test coverage\n- Miss high blast radius changes\n- Output report only to chat (file required)\n\n---\n\n## Supporting Documentation\n\n- **methodology.md** - Detailed phase-by-phase workflow (Phases 0-4)\n- **adversarial.md** - Attacker modeling and exploit scenarios (Phase 5)\n- **reporting.md** - Report structure and formatting (Phase 6)\n- **patterns.md** - Common vulnerability patterns reference\n\n---\n\n**For first-time users:** Start with methodology.md to understand the complete workflow.\n\n**For experienced users:** Use this page's Quick Reference and Decision Tree to navigate directly to needed content.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for 
environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,66,792,"2026-05-16 13:15:23",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Other","other","mdi-page-next-outline","Other types of skill",5,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Career development","career","mdi-briefcase-outline","Interview preparation, resume optimization, career planning",4,575,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"b27ecae2-317c-45c5-8615-7d4c2b0b716b","1.0.0","differential-review.zip",3062,"uploads\u002Fskills\u002F985b4de6-d278-4bae-a95d-7d0beac59c9a\u002Fdifferential-review.zip","fee5af857dad040b31322a6ccee3ef07378a24dd16a716f34faaac423cb6e0c8","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":6860}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]