How to Create and Run a Reusable Security Code Review Skill in Code Studio
Security code reviews are critical for identifying vulnerabilities early in the development lifecycle. Code Studio skills allow you to encapsulate reusable, task-focused workflows into structured, version-controlled folders.
This article explains how to create and run a security code review skill in Code Studio to systematically detect vulnerabilities, enforce secure coding practices, and standardize security reviews across projects and teams.
By the end of this guide, you will be able to:
- Create a reusable security code review skill.
- Store and share it at the project or personal level.
- Run consistent, AI-assisted security reviews on your codebase.
Why You Need a Security Code Review Skill
- Early vulnerability detection: Catch security issues like injection flaws, hardcoded secrets, and insecure configurations during development.
- Consistent review standards: Ensure every code review follows the same security checklist, removing the gaps that come from human oversight and inconsistent coverage.
- Reusable across projects: Once created, the skill can be reused across repositories without re-entering instructions or context.
- Team-wide collaboration: Project-level skills are version-controlled, so the entire team uses the same security review process and can improve it together.
Steps to Create and Run the Security Review Skill
Prerequisite
Before proceeding, ensure that Code Studio version 2.0 or later is installed and configured. If it’s not installed, refer to this installation guide to set it up properly.
Step 1: Open the Skills Menu
a. Open your project in Code Studio.
b. In the chat input, type:
/skills
c. This opens the configure skills menu.
Step 2: Create a New Skill
Click + New skill from the command palette.
Step 3: Choose the Save Location
Select where the skill should be stored.
| Location | Stored In | Who Has Access |
|---|---|---|
| Project skills | The repository (e.g., .codestudio/skills/) | Anyone with repository access. |
| Personal skills | Your user profile (e.g., ~/.codestudio/skills/) | Only you, across all projects. |
For team-wide security reviews, choose project skills so the skill is version-controlled and shared.
Step 4: Name the Skill Folder
Enter a folder name for your skill, for example securityreview. The directory name must match the name field you will set in SKILL.md. Code Studio creates the folder structure automatically.
Step 5: Modify the Security Skill File
Each skill contains a SKILL.md file that defines how the AI performs the task. Update this file to reflect your security review rules and expectations.
Note: You can find a complete, ready-to-use security code review skill here.
Example (simplified SKILL.md snippet):
```yaml
name: securityreview
description: Perform a comprehensive security code review
instructions:
  - Identify security vulnerabilities and unsafe patterns
  - Highlight affected files and line numbers
  - Explain exploit scenarios
  - Provide secure remediation guidance
output:
  format: markdown
  path: docs/security/security-review.md
```
Step 6: Run the Security Code Review Skill
a. In the Code Studio chat input, type /.
b. Select the /securityreview skill.
c. Optionally add review context, for example:
“Do a security review of the login and authentication flow.”
You can attach additional context such as:
- Recent code changes.
- Specific files or modules.
To learn how to add context, see this documentation.
Note: Because this task requires in-depth analysis, we recommend using a large model such as Claude Opus 4.6 or Sonnet 4.6 for better-quality reports. Do not use mini or lightweight models, as they lack the reasoning depth and context retention needed for accurate security analysis.
Step 7: Get Security Review Output
When the security code review skill is executed, Code Studio provides a security review based on the instructions defined in the skill.
The security review typically includes:
- Identified security vulnerabilities or risky patterns.
- Severity or impact assessment.
- Affected files or relevant code areas.
- Recommended remediation or secure coding guidance.
Based on the suggestions provided, fix the identified security issues to improve the overall security of the codebase. The security code review skill provides AI-assisted analysis: findings may include false positives or miss context-specific issues, so engineers should review and validate them before fixes are applied.
Best Practices
- Run the security code review skill on important code changes and before releases.
- Provide clear context (such as specific files, folders, or code changes) for better review results.
- Review and validate the findings before applying fixes.
Troubleshooting
Skill Does Not Appear
- Verify the skill folder name matches the name field in SKILL.md.
- Ensure the skill is saved in the correct location.
- Restart Code Studio if needed.
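A pre-flight check for the folder-name rule from Step 4 and the "Skill Does Not Appear" items above, written as an added Python example rather than Code Studio's own tooling. It assumes each skill lives as <skills root>/<folder>/SKILL.md with a top-level `name:` line, and it builds constructed sample skills in a temporary directory so it runs stand-alone.

```python
"""Check Code Studio skill folders before running a skill (assumed layout)."""
import re
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("name", "description", "instructions")  # keys from the page's snippet
NAME_RE = re.compile(r"^name:\s*(\S+)\s*$", re.MULTILINE)

def top_level_keys(text):
    """Unindented `key:` lines; list items and nested keys are ignored."""
    return {m.group(1) for m in re.finditer(r"^([A-Za-z_][\w-]*):", text, re.MULTILINE)}

def check_skill(folder: Path):
    """Return a list of problems for one skill folder (empty list means OK)."""
    skill_md = folder / "SKILL.md"
    if not skill_md.is_file():
        return [f"{folder.name}: SKILL.md missing"]
    text = skill_md.read_text(encoding="utf-8")
    keys = top_level_keys(text)
    problems = [f"{folder.name}: required key '{k}' missing" for k in REQUIRED_KEYS if k not in keys]
    m = NAME_RE.search(text)
    if m and m.group(1) != folder.name:  # the page's troubleshooting rule
        problems.append(f"{folder.name}: folder name != name field '{m.group(1)}'")
    return problems

def check_skills_root(root: Path):
    """Map each skill folder name under root to its problem list."""
    return {d.name: check_skill(d) for d in sorted(root.iterdir()) if d.is_dir()}

# Constructed sample skills: one valid, one with a mismatched name, one empty.
GOOD_SKILL = """name: securityreview
description: Perform a comprehensive security code review
instructions:
  - Flag injection flaws, hardcoded secrets and insecure configuration
  - Report affected files and line numbers with a severity rating
output:
  format: markdown
"""
BAD_SKILL = "name: secreview\ndescription: folder name will not match\n"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "securityreview").mkdir()
        (root / "securityreview" / "SKILL.md").write_text(GOOD_SKILL)
        (root / "security-review").mkdir()
        (root / "security-review" / "SKILL.md").write_text(BAD_SKILL)
        (root / "empty").mkdir()
        return check_skills_root(root)

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else problems)
```

Point check_skills_root at your real .codestudio/skills/ or ~/.codestudio/skills/ directory to audit the skills that are actually installed.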
Incomplete or Shallow Results
- Confirm you are using a recommended large model.
- Provide additional context (files, diffs, modules).
- Refine the instructions in SKILL.md.