When is this security review mandatory?

It triggers automatically whenever files involving auth, security, middleware, sessions, tokens, or SQL patterns are modified.

Can it detect hardcoded secrets?

Yes, the skill uses automated regex-based searches to identify potential API keys, passwords, and tokens accidentally left in the source code.

Does it check for dependency vulnerabilities?

Yes, it integrates with package managers like pnpm and pip to run security audits (e.g., pnpm audit) for known CVEs in your project dependencies.

What is the Security Review skill for Claude Code?

It is a specialized capability that performs automated and guided security audits on code changes related to authentication, APIs, and sensitive data handling.

Which security standards does it follow?

The skill is primarily based on the OWASP Top 10 framework, covering critical categories like Injection, Broken Access Control, and Cryptographic Failures.

Security Review Expert

Name: Security Review Expert
Author: troykelly

bytroykelly

•

Security & Testing

Conducts mandatory OWASP-aligned security audits for sensitive code changes involving authentication, APIs, and databases.

The Security Review skill is a specialized capability for Claude Code designed to automate the identification and auditing of security-sensitive code paths. It enforces a rigorous review process whenever changes touch authentication, authorization, middleware, API endpoints, or database schemas. By evaluating code against the OWASP Top 10 vulnerabilities, the skill provides domain-specific guidance on preventing injection, broken access control, and sensitive data exposure. It integrates automated dependency audits and secret detection to ensure that critical vulnerabilities are identified and remediated before code is merged into production.

Key Features

01Standardized security reporting with severity categorization

02Integrated dependency audits for known CVEs

03Hardcoded secret and credential detection using Grep

04Automated OWASP Top 10 vulnerability scanning

055 GitHub stars

06Mandatory triggering for security-sensitive file patterns

Use Cases

01Pre-PR security audits for authentication and middleware changes

02Auditing third-party dependencies for security vulnerabilities

03Scanning database migrations for potential SQL injection vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add troykelly/claude-skills security-review

For use in Claude.ai and ChatGPT

Download Skill