security-review

This skill provides a comprehensive security checklist and code patterns for developers to implement authentication, input validation, secrets management, and other security best practices.

Installs: 11.1K · Use cases: 7 · Quality: 5/10

Is security-review safe to install?

Review the source first: our audit of security-review's source files found 6 shell commands, 1 external URL, no file writes (high risk). Every command and URL listed appears verbatim in the skill's source. The skill includes instructions for running shell commands like npm audit and npm update, which modify local dependency files and interact with the package registry.

Who is this skill for?

Developers building web applications, API endpoints, or blockchain integrations who need to ensure their code follows security standards.

What can you do with it?

  • Implementing authentication and authorization
  • Handling user input and file uploads
  • Creating API endpoints
  • Managing secrets and credentials
  • Implementing payment features
  • Storing or transmitting sensitive data
  • Integrating third-party APIs

How good is this skill?

Quality score: 5/10. The skill is well-structured, provides clear 'fail' and 'pass' code examples, and includes a comprehensive pre-deployment checklist.

What does the skill file contain?

SKILL.md
# Security Review Skill

This skill ensures all code follows security best practices and identifies potential vulnerabilities.

## When to Activate

- Implementing authentication or authorization
- Handling user input or file uploads
- Creating new API endpoints
- Working with secrets or credentials
- Implementing payment features
- Storing or transmitting sensitive data
- Integrating third-party APIs

## Security Checklist

### 1. Secrets Management

#### FAIL: NEVER Do This
```typescript
const apiKey = "sk-proj-xxxxx"  // Hardcoded secret
const dbPassword = "password123" // In source code
```
...

Frequently asked questions

Does this skill automatically fix security vulnerabilities?

No, it provides checklists and code patterns for developers to implement. It suggests commands like 'npm audit fix' to help manage dependency vulnerabilities.

What specific security areas does this cover?

It covers secrets management, input validation, SQL injection prevention, authentication, authorization, XSS prevention, CSRF protection, rate limiting, sensitive data exposure, and blockchain-specific security.

Does this skill provide automated testing examples?

Yes, it includes TypeScript test examples for verifying authentication, authorization, input validation, and rate limiting.

Data sourced from affaan-m/everything-claude-code on GitHub. Install counts from skills.sh. The summary and security audit are derived from the skill's source files: every command and URL listed appears verbatim in the source.
