Can I use this for automated pull request reviews?

Yes, it is designed to be invoked during PR reviews to focus specifically on security-critical paths like authentication, database queries, and input handling.

Which security standards is this skill grounded in?

This skill is grounded in industry-standard frameworks including OWASP Top 10, CWE Top 25, SWEBOK, and NIST secure development guidelines.

How does this skill use the OWASP Top 10?

It systematically analyzes your code against all ten categories of critical web vulnerabilities, providing specific red flags and remediation strategies for each finding.

Does it provide code fixes for identified vulnerabilities?

Yes, every finding includes a description of the vulnerability, the potential attack scenario, and a specific code example of how to implement the remediation.

Secure Code Review

Name: Secure Code Review
Author: sethdford

bysethdford

•

安全与测试

Systematically reviews code for security vulnerabilities using OWASP Top 10 standards and secure coding patterns.

The Secure Code Review skill transforms Claude into a security-focused auditor capable of identifying critical vulnerabilities before they reach production. By leveraging industry standards like the OWASP Top 10 and CWE Top 25, this skill provides a rigorous framework for evaluating input validation, authentication logic, cryptographic implementations, and error handling. It is designed for developers and security leads who need to maintain high security standards during pull request reviews, legacy code audits, or the implementation of sensitive features involving PII and financial data.

主要功能

01Detailed analysis of input validation and output encoding patterns

02Actionable remediation guidance with 'Before and After' code examples

03OWASP Top 10 (2021) vulnerability mapping and identification

04Authentication and authorization logic verification

05Cryptographic audit for encryption standards and key management

065 GitHub stars

使用场景

01Establishing secure coding best practices and guardrails for engineering teams

02Performing a security audit on third-party API integrations

03Reviewing Pull Requests that touch authentication, payments, or data access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sethdford/claude-skills secure-coding-review

For use in Claude.ai and ChatGPT

主要功能

01Detailed analysis of input validation and output encoding patterns

02Actionable remediation guidance with 'Before and After' code examples

03OWASP Top 10 (2021) vulnerability mapping and identification

04Authentication and authorization logic verification

05Cryptographic audit for encryption standards and key management

065 GitHub stars

使用场景

01Establishing secure coding best practices and guardrails for engineering teams

02Performing a security audit on third-party API integrations

03Reviewing Pull Requests that touch authentication, payments, or data access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sethdford/claude-skills secure-coding-review

For use in Claude.ai and ChatGPT