Does it provide guidance on handling sensitive user data?

It provides strict patterns for logging and error handling to ensure that passwords, tokens, and stack traces are never exposed to end-users or stored in plaintext logs.

What tools does it use for input validation?

The skill emphasizes schema-based validation using Zod for general input and DOMPurify for sanitizing user-provided HTML to prevent XSS attacks.

How does this skill help prevent SQL injection?

The skill identifies dangerous string concatenation in database queries and provides templates for parameterized queries used in standard SQL and ORMs like Supabase.

Is rate limiting included in the security review?

Yes, it provides implementation patterns for API rate limiting and stricter controls for resource-intensive operations like search or authentication attempts.

Can this skill help with blockchain development security?

Yes, it includes specific modules for Solana that cover wallet signature verification and transaction validation to prevent blind signing and unauthorized transfers.

Security Review

Name: Security Review
Author: Fabio29T

byFabio29T

0•

보안 및 테스팅

Conducts comprehensive security audits and implements defensive coding patterns to protect applications from critical vulnerabilities.

The Security Review skill acts as a proactive security architect within Claude Code, ensuring that every code change adheres to modern safety standards. It provides automated checklists and implementation patterns for critical areas including authentication, secrets management, input validation, and SQL injection prevention. Whether you are building a Next.js application, integrating with Supabase, or developing Solana blockchain logic, this skill helps identify potential risks before deployment and enforces best practices for data protection, rate limiting, and cross-site scripting (XSS) prevention.

주요 기능

010 GitHub stars

02Parameterized query enforcement to prevent SQL injection vulnerabilities

03Specialized blockchain security for Solana wallet and transaction verification

04Input validation and HTML sanitization using Zod and DOMPurify patterns

05Automated security checklists for authentication and authorization workflows

06Implementation patterns for secure secrets management and environment variables

사용 사례

01Validating file upload systems to restrict size, type, and extension vulnerabilities

02Securing sensitive token storage by migrating from localStorage to httpOnly cookies

03Auditing new API endpoints for proper rate limiting and authorization checks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fabio29t/everything-claude security-review

For use in Claude.ai and ChatGPT

주요 기능

010 GitHub stars

02Parameterized query enforcement to prevent SQL injection vulnerabilities

03Specialized blockchain security for Solana wallet and transaction verification

04Input validation and HTML sanitization using Zod and DOMPurify patterns

05Automated security checklists for authentication and authorization workflows

06Implementation patterns for secure secrets management and environment variables

사용 사례

01Validating file upload systems to restrict size, type, and extension vulnerabilities

02Securing sensitive token storage by migrating from localStorage to httpOnly cookies

03Auditing new API endpoints for proper rate limiting and authorization checks