How does the Security Review skill detect secrets?

The skill utilizes a combination of pattern-matching regular expressions and a structured checklist to identify hardcoded keys, passwords, and unencrypted tokens within your source files.

What severity levels does the skill use to rank issues?

Issues are categorized into four levels: Critical (deployment blockers), High (must fix before merge), Medium (fix when possible), and Low (minor improvements).

Is this a replacement for a full security audit?

While it is a powerful tool for catching common coding errors and OWASP Top 10 vulnerabilities during development, it should be used as a supplement to, not a replacement for, professional penetration testing.

Does it check for environment variable configuration?

Yes, a core part of the checklist ensures that sensitive data is moved to environment variables and that .env files are correctly excluded via .gitignore.

Can this skill help prevent SQL injections?

Yes, it includes specific audit steps to ensure that parameterized queries are used and that all user inputs are properly validated and sanitized before database interaction.

Security Review

Name: Security Review
Author: jay05410

byjay05410

セキュリティとテスト

Performs comprehensive security audits to identify vulnerabilities, hardcoded secrets, and injection risks within your codebase.

概要

The Security Review skill provides a structured framework for Claude to evaluate the security posture of your applications. It implements a rigorous checklist covering critical areas such as secret management, input validation, injection prevention, and authentication protocols. By utilizing a multi-tier severity system, it helps developers prioritize critical vulnerabilities like SQL injection and hardcoded API keys while also suggesting improvements for API rate limiting and CORS configuration. This skill is essential for maintaining high security standards during the development lifecycle and preparing code for production-grade deployments.

主な機能

Comprehensive injection prevention checks for SQL, XSS, and path traversal
Validation of authentication and authorization patterns including RBAC and RLS
0 GitHub stars
Risk-based severity categorization to prioritize critical security remediation
Automated detection of hardcoded secrets, API keys, and unencrypted tokens
Quick-scan shell command integration for rapid vulnerability discovery

ユースケース

Pre-merge code reviews to ensure security compliance and best practices
Hardening API endpoints against unauthorized access and data leaks
Auditing legacy codebases for hidden vulnerabilities and hardcoded credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jay05410/compose-claudecode security-review

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要