How does this skill prevent SQL injection?

The skill enforces the use of parameterized queries and ORM-safe methods like Supabase or Prisma instead of dangerous string concatenation for database operations.

Does it support modern input validation libraries?

It specifically promotes schema-based validation using libraries like Zod to ensure all user input and file uploads are sanitized and type-safe.

Is it suitable for production-ready code?

Absolutely, it includes a rigorous pre-deployment checklist covering CSP headers, CORS configuration, Rate Limiting, and HTTPS enforcement.

Can it detect hardcoded secrets?

Yes, it provides patterns to identify hardcoded API keys and credentials in source code and recommends moving them to secure environment variables.

Security Review Expert

Name: Security Review Expert
Author: lev-os

bylev-os

0•

セキュリティとテスト

Audits source code for security vulnerabilities and enforces production-grade safety standards across the development lifecycle.

The Security Review skill provides a comprehensive framework for identifying and mitigating common web vulnerabilities within Claude's coding environment. It guides the implementation of robust secrets management, schema-based input validation, and parameterized database queries to prevent SQL injection. By enforcing best practices for authentication, CSRF protection, and XSS sanitization, this skill ensures that applications are hardened against attacks before deployment, making it an essential tool for developers building secure, production-ready software.

主な機能

01Comprehensive pre-deployment security checklists

020 GitHub stars

03Automated secrets detection and environment variable enforcement

04Schema-based input validation and file upload auditing

05XSS and CSRF protection implementation guidance

06SQL injection prevention via parameterized query patterns

ユースケース

01Implementing secure third-party integrations and file handling

02Reviewing code for sensitive data exposure and improper logging

03Hardening API endpoints and authentication/authorization flows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lev-os/agents security-review

For use in Claude.ai and ChatGPT

Download Skill