How does it handle sensitive information in logs?

It provides specific 'Right vs Wrong' patterns to ensure developers redact sensitive data like passwords or tokens before they are logged to the console.

Does this skill provide code examples for input validation?

Yes, it provides production-ready patterns using Zod for schema validation and specific logic for restricting file upload sizes and types.

What security standards does this skill follow?

The skill is aligned with industry-leading standards like the OWASP Top 10, covering critical areas such as XSS, CSRF, and SQL injection prevention.

Can it help with Solana blockchain development?

Yes, it includes specialized verification steps for Solana wallet signatures, transaction details, and balance checks to prevent blind signing.

Security Review & Hardening

Name: Security Review & Hardening
Author: flatrick

byflatrick

0•

セキュリティとテスト

Enforces comprehensive security checklists and provides implementation patterns for authentication, input validation, and sensitive data handling.

The Security Review skill transforms Claude into a proactive security auditor, ensuring that every piece of code adheres to industry best practices. It provides structured guidance for high-stakes tasks like managing secrets, preventing SQL injection, and securing API endpoints using modern tools like Zod and Supabase RLS. By integrating this skill, developers can systematically verify their applications against OWASP standards and even specialized blockchain security requirements for Solana, reducing the risk of vulnerabilities before deployment.

主な機能

010 GitHub stars

02Secure secrets management patterns using environment variables

03Hardened authentication flows including httpOnly cookies and CSRF protection

04Comprehensive checklists for OWASP Top 10 vulnerability prevention

05Parameterized query implementation to eliminate SQL injection

06Schema-based input validation and file upload restriction templates

ユースケース

01Auditing an existing codebase for hardcoded credentials or insecure token storage

02Implementing secure Solana wallet verification and transaction logic for dApps

03Hardening a new REST or GraphQL API against common injection and cross-site attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add flatrick/mdt security-review

For use in Claude.ai and ChatGPT