Can I use this for OWASP compliance checks?

Absolutely. It provides a detailed checklist mapped to the OWASP Top 10, covering broken access control, injection, and insecure design.

Is this skill specific to a certain database ORM?

While the provided patterns are optimized for Prisma and Row Level Security (RLS), the general audit logic and security checklists apply to any TypeScript-based backend.

Does this skill help with credential scanning?

Yes, it includes automated scanning commands to detect hardcoded secrets, API keys, and potential credential leaks in your TypeScript and environment files.

How does this skill detect RLS bypasses?

The skill uses specific grep-based patterns to identify direct database calls that bypass the required security context wrappers like withUserContext or withAdminContext.

Does it support automated vulnerability scanning?

Yes, it integrates standard security commands like npm audit and yarn audit to check for high and critical vulnerabilities in your project dependencies.

Security Audit & RLS Validation

Name: Security Audit & RLS Validation
Author: bybren-llc

bybybren-llc

•

セキュリティとテスト

Enforces application safety by validating Row Level Security (RLS) policies, auditing authentication routes, and performing automated vulnerability scanning.

This skill provides a comprehensive security-first framework for Claude Code, enabling the detection and prevention of common vulnerabilities such as broken access control, exposed credentials, and SQL injection. By implementing standardized RLS context wrappers and OWASP compliance checks, it ensures that AI agents develop code within strict security guardrails. It streamlines the auditing process for authentication flows, dependency health, and secure database access patterns, making it an essential tool for production-grade agentic development.

主な機能

01OWASP Top 10 compliance mapping and standardized checklists

02Authentication and authorization auditing for API routes

03Pre-deployment security review reporting and vulnerability detection

04Hardcoded credential and secret scanning for client/server code

05Automated RLS bypass detection for Prisma and database operations

0619 GitHub stars

ユースケース

01Performing a comprehensive security audit before deploying new features to production

02Validating database isolation to ensure users cannot access unauthorized data

03Automating dependency vulnerability checks using npm and yarn audit

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bybren-llc/wtfb-safe-agentic-workflow security-audit

For use in Claude.ai and ChatGPT

Download Skill