Agent SkillsUsefulSoftwareCo/executor › warden-security-review

warden-security-review

GitHub

用于执行Warden安全扫描的指南。涵盖本地配置、JSONL输出设置,以及针对授权、代码执行和数据泄露等风险的推荐扫描命令与目标路径。

.skills/warden-security-review/SKILL.md UsefulSoftwareCo/executor

触发场景

审计仓库安全性 使用Warden进行扫描 调查认证/数据外泄/代码执行风险 处理Warden扫描结果

安装

npx skills add UsefulSoftwareCo/executor --skill warden-security-review -g -y
更多选项

非标准路径

npx skills add https://github.com/UsefulSoftwareCo/executor/tree/main/.skills/warden-security-review -g -y

不安装直接使用

npx skills use UsefulSoftwareCo/executor@warden-security-review

指定 Agent (Claude Code)

npx skills add UsefulSoftwareCo/executor --skill warden-security-review -a claude-code -g -y

安装 repo 全部 skill

npx skills add UsefulSoftwareCo/executor --all -g -y

预览 repo 内 skill

npx skills add UsefulSoftwareCo/executor --list

SKILL.md

Frontmatter
{
    "name": "warden-security-review",
    "description": "Run Warden security scans in this repo using Sentry's warden-skills. Use when asked to audit security, scan with Warden, investigate authz\/data-exfil\/code-execution\/GitHub Actions risks, or triage Warden findings."
}

Warden security review runbook

Use Warden as a first-pass scanner, then manually verify every finding against the code. A clean Warden run means "no findings from that skill/pass", not "the codebase is secure."

Setup

Warden uses Claude Code auth locally. For Claude Max usage:

claude login

Run Warden through npm so the package version does not need to be committed:

npm exec --yes --package=@sentry/warden -- warden --help

The repo has a warden.toml that uses remote skills from getsentry/warden-skills.

Reference skills are mirrored under .reference/warden-skills when needed. .reference/ is gitignored.

Local Outputs

Write run artifacts under .warden-runs/. Do not commit .warden/ or .warden-runs/.

Use JSONL output for later triage:

mkdir -p .warden-runs
npm exec --yes --package=@sentry/warden -- \
  warden <targets...> --skill <skill> --fail-on off --report-on low --min-confidence low \
  --parallel 2 --log -o .warden-runs/<name>.jsonl

Warden may not treat bare directories as recursive targets. Prefer explicit quoted globs or a target file list.

Recommended Scans

Authz on cloud/API surfaces:

npm exec --yes --package=@sentry/warden -- \
  warden "apps/cloud/src/auth/**/*.ts" "apps/cloud/src/api/**/*.ts" \
  "apps/cloud/src/routes/**/*.tsx" "packages/core/api/src/**/*.ts" \
  --skill wrdn-authz --fail-on off --report-on low --min-confidence low \
  --parallel 2 --log -o .warden-runs/authz.jsonl

Code execution on sink-bearing runtime/plugin files:

rg -l "\b(exec|spawn|execFile|fork|subprocess|Deno\.Command|new Function|eval\(|vm\.|QuickJS|quickjs|Worker\(|import\(|compile|instantiate|runIn|shell|command|child_process)\b" \
  apps/local/src/server apps/cli/src packages/core/execution/src packages/core/sdk/src packages/kernel packages/plugins \
  -g "*.ts" -g "*.tsx" -g "!*.test.ts" -g "!*.spec.ts" -g "!*.e2e.ts" -g "!**/dist/**" -g "!**/node_modules/**" \
  > .warden-runs/code-execution-targets.txt

npm exec --yes --package=@sentry/warden -- \
  warden $(tr '\n' ' ' < .warden-runs/code-execution-targets.txt) \
  --skill wrdn-code-execution --fail-on off --report-on low --min-confidence low \
  --parallel 2 --log -o .warden-runs/code-execution.jsonl

Data exfiltration on backend/API/storage/plugin SDK surfaces:

find apps/cloud/src/api apps/cloud/src/auth apps/local/src/server \
  packages/core/api/src packages/core/storage-core/src packages/core/storage-file/src \
  packages/core/storage-postgres/src packages/core/storage-drizzle/src \
  packages/plugins/mcp/src packages/plugins/openapi/src packages/plugins/graphql/src \
  packages/plugins/google-discovery/src packages/plugins/oauth2/src \
  packages/plugins/onepassword/src packages/plugins/workos-vault/src \
  packages/plugins/file-secrets/src packages/plugins/keychain/src \
  -type f \( -name "*.ts" -o -name "*.tsx" \) |
  rg -v '(\.test\.|\.spec\.|\.e2e\.|dist/|node_modules/|embedded-migrations\.gen\.ts|/react/)' \
  > .warden-runs/exfil-targets-focused.txt

npm exec --yes --package=@sentry/warden -- \
  warden $(tr '\n' ' ' < .warden-runs/exfil-targets-focused.txt) \
  --skill wrdn-data-exfil --fail-on off --report-on low --min-confidence low \
  --parallel 2 --log -o .warden-runs/data-exfil.jsonl

GitHub Actions workflow risks:

find .github -type f \( -name "*.yml" -o -name "*.yaml" \) > .warden-runs/gha-targets.txt

npm exec --yes --package=@sentry/warden -- \
  warden $(tr '\n' ' ' < .warden-runs/gha-targets.txt) \
  --skill wrdn-gha-workflows --fail-on off --report-on low --min-confidence low \
  --parallel 2 --log -o .warden-runs/gha-workflows.jsonl

How to Triage

Deduplicate findings by root cause. Warden often reports the same bug at the low-level sink, wrapper, API handler, and plugin-tool entrypoint.

For each candidate:

  • Trace whether input is user-controlled.
  • Identify the exact sink.
  • Check whether auth, scope, host allowlists, private-IP blocks, redirects, and DNS rebinding defenses exist.
  • Determine what data returns to the caller: raw body, parsed fields, typed error message, timing/status oracle, or no observable data.
  • State confidence and deployment caveats.

Current Known Findings

As of the Warden pass on 2026-04-29:

  • Real: authenticated SSRF in plugin/source setup URL fetching for OpenAPI, Google Discovery, GraphQL, and MCP remote endpoints.
  • Real: mutable third-party GitHub Actions refs in publish/release workflows, especially oven-sh/setup-bun@v2 and changesets/action@v1.
  • Clean in that pass: authz scan on cloud auth/API/core API surfaces; code-execution scan on narrowed CLI/runtime/kernel/plugin sink files.

Do not claim the whole codebase is secure from those clean runs. They are scoped scanner results.

版本历史

  • fd4fb02 当前 2026-07-05 10:56

同 Skill 集合

.agents/skills/stack/SKILL.md
.agents/skills/wrdn-effect-atom-optimistic/SKILL.md
.agents/skills/wrdn-effect-atom-reactivity-keys/SKILL.md
.agents/skills/wrdn-effect-promise-exit/SKILL.md
.agents/skills/wrdn-effect-raw-fetch-boundary/SKILL.md
.agents/skills/wrdn-effect-schema-boundaries/SKILL.md
.agents/skills/wrdn-effect-schema-inferred-types/SKILL.md
.agents/skills/wrdn-effect-typed-errors/SKILL.md
.agents/skills/wrdn-effect-value-inferred-types/SKILL.md
.agents/skills/wrdn-effect-vitest-tests/SKILL.md
.agents/skills/wrdn-package-boundaries/SKILL.md
.agents/skills/wrdn-typescript-type-safety/SKILL.md
.claude/skills/emulate/SKILL.md
.claude/skills/prod-telemetry/SKILL.md
.claude/skills/self-contained-modals/SKILL.md
.skills/cli-release/SKILL.md
.skills/effect-atom-optimistic-updates/SKILL.md
.skills/effect-http-testing/SKILL.md
.skills/effect-use-pattern/SKILL.md
.skills/graphite/SKILL.md

元信息

文件数
0
版本
8bc037d
Hash
046e7c90
收录时间
2026-07-05 10:56

首页 - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-18 01:55
浙ICP备14020137号-1 $访客地图$