Skip to main content

Browse the directory

Showing 2 resources for "deserialization"
Saved
Active

Rollout signal scan

1 rollout risk signal in current results

Biggest gaps: package integrity. 0 entries have 2+ required gaps.

2 scanned

Source provenance

Source provenance is broadly covered in current results.

good

100% (2/2)

Metadata review

Metadata review is broadly covered in current results.

good

100% (2/2)

Safety notes

Safety notes is broadly covered in current results.

good

100% (2/2)

Privacy notes

Privacy notes is broadly covered in current results.

good

100% (2/2)

Package integrity

Package integrity is sparse; verify before rollout decisions.

risk

0% (0/2)

Install payload

Install payload is broadly covered in current results.

good

100% (2/2)

Adoption queue

Browse adoption queue · balanced

0/2 visible results are ready for staged adoption under this preset.

ready 0caution 2hold 0

Decision confidence

Decision confidence scan · balanced

0/2 results are high-confidence for the selected preset.

high 0medium 2low 0

Freshness distribution

Current results are broadly fresh

Median age 17 days; all 2 scanned entries are within 90 days.

median 17d

Fresh

≤ 30 days

50%

1 entry

Recent

31–90 days

50%

1 entry

Aging

91–180 days

0%

0 entries

Stale

> 180 days

0%

0 entries

rulesReview firstSource-backedReview firstClaude Code

Source-backed rules for reviewing AI-generated code that deserializes data before merge for insecure deserialization risk, covering native serialization formats (pickle, PyYAML, Java Serializable) that can execute arbitrary code on untrusted input, safe data-interchange alternatives, and class allowlisting/integrity checks when native formats can't be avoided.

Safety Privacy
commandsReview firstSource-backedReview firstClaude Code

Slash command that reviews a pull request diff for security regressions: authentication and authorization gaps, injection surfaces, secret exposure, unsafe deserialization, and dependency risk introduced by the change.

Invocation:/pr-security-review [pr-number]
Safety Privacy