---
name: code-guardian
description: Performs quality control at the end of every task. Checks for security vulnerabilities, errors, and code quality using ESLint. Detects buffer overflow errors and validates input for validity and size. Use this skill at the end of every task for code analysis.
license: MIT
metadata:
  audience: developers
  purpose: security-validation
  tags:
    - security
    - linting
    - code-quality
    - eslint
---

Code Guardian - Security Skill

What I Do

  1. ESLint Analysis - Static code analysis for errors and best practices
  2. Security Scanning - Detection of security vulnerabilities (SQL Injection, XSS, etc.)
  3. Buffer Overflow Detection - Validate input sizes and validity checks
  4. Input Validation - Checks for missing length, type, and range validations

When to Use Me

  • At the end of every task for quality control
  • When security vulnerabilities need to be checked
  • For buffer-related operations
  • Before committing code

Instructions

1. Run ESLint

npx eslint --config .eslint.code-guardian.json --ext .ts,.js,.tsx,.jsx .

2. With Auto-Fix

npx eslint --config .eslint.code-guardian.json --fix .

3. TypeScript Check (optional)

npx tsc --noEmit

Expected ESLint Configuration

The skill expects .eslint.code-guardian.json in your project root. It is an eslintrc-format file, which ESLint 8 reads directly; ESLint 9 defaults to flat config, so either stay on ESLint 8 or set ESLINT_USE_FLAT_CONFIG=false:

{
  "root": true,
  "env": {
    "browser": true,
    "es2021": true,
    "node": true
  },
  "extends": [
    "eslint:recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:security/recommended"
  ],
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "ecmaVersion": "latest",
    "sourceType": "module"
  },
  "plugins": ["@typescript-eslint", "security"],
  "rules": {
    "no-console": "warn",
    "no-debugger": "warn",
    "security/detect-object-injection": "off"
  }
}

Required Packages

npm install --save-dev eslint @typescript-eslint/eslint-plugin @typescript-eslint/parser eslint-plugin-security

Optional for Prettier formatting:

npm install --save-dev eslint-plugin-prettier prettier

Security Checks

The skill detects the following security vulnerabilities:

| Rule | Description | Severity |
|------|-------------|----------|
| security/detect-eval-with-expression | eval() with dynamic expressions | High |
| security/detect-non-literal-fs-filename | File system access without path validation | High |
| security/detect-non-literal-regexp | Regex built from user input | Medium |
| security/detect-object-injection | Object injection vulnerabilities | Medium |
| security/detect-possible-timing-attacks | Timing attacks | Medium |
| security/detect-pseudoRandomBytes | Weak random number generators | Medium |

Note that the sample configuration above sets security/detect-object-injection to "off"; switch it to "warn" or "error" if you want that check to run.

Buffer Overflow Detection

The skill detects potential buffer overflow errors:

| Rule | Description | Severity |
|------|-------------|----------|
| no-buffer-constructor | Use of unsafe Buffer constructors | High |
| no-new-native-buffer | Unsafe Buffer creation | High |
| security/detect-non-literal-fs-filename | File system access without path validation | High |

Input Validation

The skill checks for missing or insufficient input validation:

| Check | Description |
|-------|-------------|
| Length validation | Warning for missing length limits on strings |
| Type validation | Missing type validation for function parameters |
| Range validation | Numeric values without range validation |
| Null check | Missing null/undefined checks |

Installation

Copy the code-guardian folder to:

  • Project: .opencode/skills/code-guardian/
  • Global: ~/.config/opencode/skills/code-guardian/

Workflow Integration

The skill can be configured as a post-task hook:

// oh-my-opencode.json
{
  "hooks": {
    "PostTaskExecute": {
      "agent": "code-guardian",
      "enabled": true
    }
  }
}

Exit Codes

| Code | Meaning | Action |
|------|---------|--------|
| 0 | No problems found | Continue |
| 1 | ESLint errors present | Try automatic fix |
| 2 | Configuration error | Check configuration |

Tips

  • Add node_modules/ and dist/ to .eslintignore
  • Adapt the rules to your project
  • Use --fix for automatic corrections