Назад към всички

ralph-quick

// Fast security spot-check with 10 iterations (~5-10 min). Use when user says 'quick security check', 'pre-deploy audit', 'ralph quick', 'fast security scan', 'spot check before deploy', or 'daily security check'. Covers secrets, OWASP basics, auth, rate limiting, and containers.

$ git log --oneline --stat
stars:1,933
forks:367
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
nameralph-quick
descriptionFast security spot-check with 10 iterations (~5-10 min). Use when user says 'quick security check', 'pre-deploy audit', 'ralph quick', 'fast security scan', 'spot check before deploy', or 'daily security check'. Covers secrets, OWASP basics, auth, rate limiting, and containers.
metadata[object Object]

Ralph Quick — 10 Iterations (~5-10 min)

Fast security spot-check for pre-deployment or daily security hygiene.

References

Instructions

Execution Engine

YOU MUST follow this loop for EVERY iteration:

  1. STATE: Read current iteration (start: 1)
  2. ACTION: Perform ONE check from current phase
  3. VERIFY: Before reporting FAIL — read actual code, check if a library handles it, check DB constraints, check if dev-only
  4. REPORT: Output iteration result in the format below
  5. INCREMENT: iteration = iteration + 1
  6. CONTINUE: IF iteration <= 10 GOTO Step 1
  7. FINAL: Generate summary report saved to .ralph-report.md

Critical rules:

  • ONE check per iteration (not all at once)
  • ALWAYS show iteration counter [QUICK-X/10]
  • NEVER skip iterations
  • If VERIFY is inconclusive: mark NEEDS_REVIEW, not FAIL

Per-Iteration Output

[QUICK-{N}/10] {check_name}
Target: {file or system component}
Result: {PASS|FAIL|WARN|N/A}
Confidence: {VERIFIED|LIKELY|PATTERN_MATCH|NEEDS_REVIEW}
Finding: {description or "Clean"}
───────────────────────────────

Persona

Senior security engineer — evidence-based, critical focus, maximum efficiency.

Phase Structure

IterCheck
1Auto-detect stack, infra, git sync
2.env in .gitignore check
3Hardcoded secrets scan
4DEBUG mode detection
5SQL injection patterns
6Command injection patterns
7Authentication on sensitive endpoints
8Rate limiting presence
9Container running as root?
10Summary & recommendations

Auto-Detect (Iteration 1)

Deterministic order:

  1. git rev-parse --show-toplevel
  2. Stack: package.json, pyproject.toml, requirements.txt, go.mod
  3. Infra: Dockerfile, docker-compose.yml, k8s manifests
  4. CI/CD: .github/workflows, .gitlab-ci.yml
  5. Skip non-applicable checks, mark N/A

Confidence Levels

LevelMeaning
VERIFIEDConfirmed with code reading or PoC
LIKELYStrong evidence, no PoC
PATTERN_MATCHKeyword match only — flag for human review
NEEDS_REVIEWInconclusive

Severity

LevelCVSSResponse
CRITICAL9.0-10.0Stop and fix immediately
HIGH7.0-8.9Fix before deployment
MEDIUM4.0-6.9Schedule fix
LOW0.1-3.9Note for later

Report File

On start: if .ralph-report.md exists, rename to .ralph-report-{YYYY-MM-DD-HHmm}.md. Save final report at end.

Parameters

ParamDefaultOptions
--iterations101-20
--focusallsecrets, owasp, infra, all

Note: Parameters are AI-interpreted instructions, not parsed CLI args.

When to Use

  • Pre-deployment quick check
  • Daily security spot-check
  • Verifying a specific fix

For deeper audits: /ralph-security (100), /ralph-ultra (1,000), /ralph-promax (10,000).