Audits code for vulnerabilities and provides implementation patterns for secure authentication, input validation, and secret management.
The Security Review skill is a comprehensive enhancement for Claude Code designed to harden applications against common threats and ensure production-grade safety. It provides structured checklists and battle-tested code patterns for critical security domains including SQL injection prevention, XSS/CSRF protection, secure API design, and sensitive data handling. By integrating OWASP-aligned standards and framework-specific guidance for tools like Next.js, Supabase, and Solana, this skill empowers developers to identify risks early and implement robust defenses throughout the development lifecycle.
Key Features
01 OWASP-aligned protection strategies covering XSS, CSRF, and rate limiting
02 Zod-based input validation and file upload verification patterns
03 Solana-specific blockchain transaction and wallet signature verification
04 Secure secret management and environment variable guidelines
05 Comprehensive security checklists for pre-deployment audits
Use Cases
01 Conducting security audits for web applications and blockchain integrations
02 Implementing secure user authentication and session management with HttpOnly cookies
03 Hardening API endpoints against injection and unauthorized access