Does it include protection against XSS and CSRF?

Absolutely. It provides specific code patterns for HTML sanitization, Content Security Policy (CSP) headers, and CSRF token implementation.

Can this skill help with secrets management?

Yes, it provides checklists to ensure no API keys or passwords are hardcoded in the source code, moving them to environment variables and .gitignore instead.

Is this skill suitable for blockchain developers?

Yes, it includes specialized security checks for Solana, including wallet signature verification and transaction balance validation.

What is the best way to use the pre-deployment checklist?

Activate the skill before any production merge to run through the 16-point checklist covering everything from HTTPS enforcement to dependency auditing.

How does the Security Review skill prevent SQL injection?

It enforces the use of parameterized queries and ORM sanitization while flagging dangerous practices like string concatenation in database calls.

Security Review

Name: Security Review
Author: ysyecust

byysyecust

セキュリティとテスト

Audits codebases for vulnerabilities and enforces industry-standard security patterns for data protection and authentication.

概要

The Security Review skill equips Claude with a comprehensive framework to identify and mitigate common security risks during the development process. It provides structured guidance on secrets management, input validation, SQL injection prevention, and secure authentication flows. By implementing detailed checklists and proven code patterns for XSS, CSRF, and rate limiting, this skill ensures that features involving sensitive data or user interaction are built with a 'security-first' mindset, reducing the risk of production vulnerabilities.

主な機能

Robust input validation patterns using Zod to prevent malicious data entry.
Detailed prevention strategies for SQL Injection, XSS, and CSRF attacks.
0 GitHub stars
Specialized blockchain security checks for Solana wallet and transaction verification.
Automated security checklists for authentication and authorization flows.
Comprehensive audit protocols for secrets management and environment variables.

ユースケース

Conducting a pre-deployment security audit on new API endpoints and payment features.
Refactoring legacy code to replace hardcoded credentials with secure environment variables.
Implementing secure file upload systems with strict size, type, and extension validation.

概要

主な機能

Robust input validation patterns using Zod to prevent malicious data entry.
Detailed prevention strategies for SQL Injection, XSS, and CSRF attacks.
0 GitHub stars
Specialized blockchain security checks for Solana wallet and transaction verification.
Automated security checklists for authentication and authorization flows.
Comprehensive audit protocols for secrets management and environment variables.

ユースケース

Conducting a pre-deployment security audit on new API endpoints and payment features.
Refactoring legacy code to replace hardcoded credentials with secure environment variables.
Implementing secure file upload systems with strict size, type, and extension validation.