Does it support dependency and supply chain checks?

Yes, it reviews your project dependencies to ensure versions are pinned in lockfiles and checks for known vulnerabilities or incompatible licenses.

How does this skill help prevent security breaches?

It scans your code for hardcoded API keys, unmasked secrets in logs, and ensures that sensitive files like .env are correctly excluded from version control.

Can it validate my feature flag implementation?

Yes, it checks if feature flags have safe defaults, are properly documented with owners, and have a clear cleanup plan to avoid technical debt.

What is environment parity and why does this skill check it?

Environment parity ensures your app behaves the same way in dev and prod. The skill checks for explicit configuration instead of implicit hacks like checking hostnames.

Configuration & Secrets Reviewer

Name: Configuration & Secrets Reviewer
Author: xinbenlv

byxinbenlv

0•

Security & Testing

Audits application configurations and secret management to ensure production safety, environment parity, and security compliance.

The Configuration & Secrets Reviewer skill functions as a virtual Platform Engineer, meticulously auditing how your software handles settings, sensitive credentials, and feature flags. It identifies dangerous defaults that could cause data loss, detects hardcoded secrets before they reach version control, and ensures that environments remain consistent to prevent 'works on my machine' bugs. By applying 12-factor app principles and fail-fast validation patterns, this skill helps developers build resilient, secure systems that are easy to manage across dev, staging, and production.

Key Features

01Identifies hardcoded secrets and unmasked logging of sensitive credentials

02Reviews dependency pinning and supply chain security in lockfiles

03Validates production-safe defaults and mandatory startup configuration checks

04Ensures environment parity to eliminate implicit environment detection bugs

05Audits feature flag lifecycles, including documentation and cleanup plans

060 GitHub stars

Use Cases

01Performing security audits on environment variable handling during pull requests

02Standardizing configuration schemas across microservices to ensure consistent behavior

03Verifying that new feature flags include proper defaults and testing coverage

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xinbenlv/codereview-skills codereview-config

For use in Claude.ai and ChatGPT

Download Skill