Add security_review_app.py and SECURITY_RISK_REPORT.md for account hygiene checks

[umakarem82]

Motivation

• Introduce a small security review utility and a written risk report to aid detection of account takeover, social-engineering, and privacy leakage risks observed in WhatsApp/Aalto-style contexts.
• Provide a reusable patch-check scanner to flag suspicious/non-original code patterns such as dynamic execution and embedded secrets.

Description

• Add security_review_app.py, a CLI tool implementing two modes: interactive review questionnaire and non-interactive patch-check file scanner with a --json output option.
• Implemented review templates for chrome, whatsapp, and aalto as weighted Question sets and risk grading via the grade function.
• Added pattern-based detectors in SUSPICIOUS_PATTERNS, file discovery via files_to_scan, and a simple fingerprinting helper sha256_text to aid original-code tracking.
• Add SECURITY_RISK_REPORT.md documenting scope, key findings, risk level, immediate actions, and usage guidance including the example python3 security_review_app.py patch-check . --json command.

Testing

• No automated tests were added or executed as part of this change.

---

Codex Task

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 61de1ddb-b87a-42a3-9699-abcb7a74ecf9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/create-security-review-application-70jcjb

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}