Does it check cloud infrastructure or IAM configurations?

No, this skill is focused strictly on application-level code security and does not cover DevOps, network configuration, or cloud IAM reviews.

Which programming languages and frameworks are supported?

While it focuses on general security logic, it provides specific implementation guidance for Python (SQLAlchemy), PHP (Nette), and Latte templates.

When is the best time to use the security-review skill?

It is most effective during deep code reviews, before merging pull requests, or immediately after adding features that handle sensitive user data.

Can this skill replace a professional security penetration test?

This skill is a powerful tool for catching common errors during development, but it should be used to complement, not replace, a comprehensive professional security review.

What vulnerabilities does the Security Reviewer skill detect?

It audits code for the OWASP Top 10 vulnerabilities, including SQL injection, XSS, CSRF, broken access control, and sensitive data exposure.

OWASP Security Reviewer

Name: OWASP Security Reviewer
Author: petrogurcak

bypetrogurcak

0•

安全与测试

Performs automated OWASP Top 10 security audits to identify vulnerabilities like SQL injection, XSS, and broken authentication in application code.

The Security Reviewer skill enables Claude to act as a specialized security auditor, scanning your application code for critical vulnerabilities based on the OWASP Top 10 framework. It provides targeted checks for SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and insecure authentication patterns, offering specific remediation examples for frameworks like SQLAlchemy and Nette. This skill is essential for developers performing deep-reviews before production deployments or after implementing sensitive features like payment gateways and user authentication systems.

主要功能

01Comprehensive OWASP Top 10 vulnerability scanning

02Audit of authentication logic and session management security

03Verification of XSS and CSRF protection mechanisms

04Detection of SQL, NoSQL, and OS Command injection flaws

05Identification of sensitive data exposure and hardcoded secrets

060 GitHub stars

使用场景

01Auditing legacy codebases for outdated hashing algorithms or insecure session handling

02Performing a final security checklist before deploying code to production

03Reviewing new authentication or payment features for implementation flaws

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add petrogurcak/skills security-review

For use in Claude.ai and ChatGPT

Download Skill