Does this skill help with OWASP compliance?

Yes, the design philosophy is centered around validating code against common vulnerability patterns identified in the OWASP Top 10.

How does it handle input validation?

It promotes server-side validation using schemas (like Zod or Joi) and provides patterns for safe file uploads, including size limits and MIME type verification.

Can it detect hardcoded secrets?

The skill specifically checks for hardcoded API keys, tokens, and passwords, and provides guidance on moving them to secure environment variables or secret managers.

When should I activate the Security Review skill?

Trigger this skill whenever you are implementing authentication, handling user input, creating new API endpoints, or managing sensitive data like secrets and payment features.

Security Review

Name: Security Review
Author: mhylle

bymhylle

•

보안 및 테스팅

Performs comprehensive security audits and provides remediation guidance to protect codebases from common vulnerabilities and exploits.

The Security Review skill acts as a proactive security quality gate for Claude Code, specifically designed to validate code changes against modern security standards like the OWASP Top 10. It provides specialized checklists and implementation patterns for critical areas such as authentication, input validation, secrets management, and SQL injection prevention. By integrating this skill into your workflow, you ensure that potential vulnerabilities are identified early and that sensitive features—like payment processing or file uploads—follow industry-standard security protocols before reaching production.

주요 기능

0111 GitHub stars

02Server-side input validation auditing using schema-based patterns like Zod

03SQL injection prevention through parameterized query and ORM verification

04Cross-Site Scripting (XSS) and CSRF protection strategy implementation

05Automated detection of hardcoded secrets and credentials in source code

06Authentication and Authorization checks including RBAC and Row Level Security

사용 사례

01Verifying secure handling of PII, financial data, and third-party API integrations

02Auditing new API endpoints and public-facing routes for injection vulnerabilities

03Reviewing authentication flows, session management, and password reset logic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mhylle/claude-skills-collection security-review

For use in Claude.ai and ChatGPT

Download Skill