Does it support specific ORMs like Prisma?

Yes, it includes specific logic to detect direct Prisma calls that might bypass security layers and recommends correct patterns using context wrappers.

What is Row Level Security (RLS) validation in this skill?

RLS validation ensures that database operations are wrapped in specific contexts that restrict data access based on the user's identity, preventing unauthorized data exposure and multi-tenant leaks.

Can this skill help with OWASP Top 10 compliance?

Yes, it includes a dedicated checklist and auditing patterns for the OWASP Top 10, covering risks like Broken Access Control, Injection, and Insecure Design.

How does this skill detect hardcoded secrets?

It uses specialized regex patterns and scanning commands to identify API keys (like Stripe or AWS), passwords, and sensitive credentials that should be moved to environment variables.

When should I invoke the security-audit skill?

It is best used during pre-deployment reviews, when creating new database schemas, or when auditing API routes to ensure they are properly protected by authentication.

Security Audit & RLS Validation

Name: Security Audit & RLS Validation
Author: bybren-llc

bybybren-llc

•

Seguridad y Pruebas

Conducts comprehensive security audits, RLS policy validation, and OWASP compliance checks to secure production codebases and agentic workflows.

Acerca de

The security-audit skill provides a robust framework for validating Row Level Security (RLS) enforcement, auditing API routes for authentication, and identifying vulnerabilities within Claude Code environments. Built on a production-validated methodology, it automates the detection of forbidden patterns like direct database calls and exposed credentials while providing standardized checklists for OWASP Top 10 compliance. It serves as a specialized security engineer role within your development process, ensuring that AI-generated or human-written code adheres to security-first architecture principles before production deployment.

Características Principales

Automated credential scanning for exposed secrets and API keys
OWASP Top 10 compliance checking and standardized reporting
API route auditing for proper authentication and authorization
Dependency vulnerability scanning via integrated audit commands
Row Level Security (RLS) validation and context wrapper enforcement
22 GitHub stars

Casos de Uso

Automating security compliance checks within a CI/CD agentic workflow
Pre-deployment security reviews for production-ready applications
Identifying and remediating RLS bypasses in Prisma or SQL queries

Acerca de

Características Principales

Automated credential scanning for exposed secrets and API keys
OWASP Top 10 compliance checking and standardized reporting
API route auditing for proper authentication and authorization
Dependency vulnerability scanning via integrated audit commands
Row Level Security (RLS) validation and context wrapper enforcement
22 GitHub stars

Casos de Uso

Automating security compliance checks within a CI/CD agentic workflow
Pre-deployment security reviews for production-ready applications
Identifying and remediating RLS bypasses in Prisma or SQL queries