What is the tenant-security-review skill?

A Team Security variant focused on edge cases and incident learnings for multi-tenant systems, adding concrete checks like cache key composition, background job scoping, and audit log tenant attribution, plus extra checks for tenant scope in queues and feature flags.

What checks does it include?

Incident-derived checks: cache key composition, background job scoping, audit log tenant attribution. Extra checks: verify queue consumers enforce tenant scope and verify feature flags cannot cross tenant boundaries.

When should I use it?

Use it after security incidents to capture tenant-related edge cases, during multi-tenant audits, or when validating isolation controls for caches, jobs, logs, queues, and feature flags.

tenant-security-review

npx machina-cli add skill tomkraaij/ai-skills-librarian/tenant-security-review --openclaw

Files (1)

SKILL.md

506 B

Tenant Security Review (Team Variant)

Adds incident-derived checks:

Cache key composition
Background job scoping
Audit log tenant attribution

Extra checks

Verify queue consumers enforce tenant scope.
Verify feature flags cannot cross tenant boundaries.

Source

git clone https://github.com/tomkraaij/ai-skills-librarian/blob/main/fixtures/manual-tests/team-security/skills/tenant-security-review/SKILL.md

View on GitHub

Overview

Team Security variant focused on edge cases and incident learnings to strengthen multi-tenant isolation. It introduces incident-derived checks for cache key composition, background job scoping, and audit log tenant attribution, plus extra verifications for tenant scope in queues and feature flags.

How This Skill Works

The skill augments security reviews with concrete, incident-driven checks. It validates that cache keys include tenant context, that background jobs are scoped to a tenant, and that audit logs attribute actions to the correct tenant. It also runs extra checks to ensure queue consumers enforce tenant scope and that feature flags cannot cross tenant boundaries.

When to Use It

After a security incident revealed tenant boundary issues
During multi-tenant audits and compliance reviews
When validating cache key composition for tenant isolation
When verifying background job scoping across tenants
When checking feature flag and queue behaviors for tenant boundaries

Quick Start

Step 1: Review incident learnings to identify tenant-related edge cases
Step 2: Validate tenant-related checks: cache key composition, background job scope, audit log attribution
Step 3: Run extra checks and document results for queue scope and feature flag boundaries

Best Practices

Ensure all cache keys include tenant identifiers to prevent cross-tenant leakage
Scope background jobs to a single tenant and validate cross-tenant data access
Require audit logs to consistently attribute actions to the correct tenant
Regularly verify queue consumers enforce tenant scope in worker processes
Test that feature flags cannot cross tenant boundaries and are scoped per tenant

Example Use Cases

Incident-driven cache key misconfiguration enabling cross-tenant access
Background job scoping bug discovered during incident review and fixed
Audit log attribution corrected after tenant mix-up in logs
Queue consumer tenant-scope validation added to CI tests
Feature flag boundary check prevented cross-tenant rollout

Frequently Asked Questions

Add this skill to your agents