Can this skill help with Solana blockchain development?

Yes, it includes specific patterns for verifying wallet signatures, validating transaction details, and performing balance checks before signing.

What libraries does it use for input validation?

The skill provides standardized implementation patterns for Zod to ensure all user inputs are validated against strict schemas.

How does it handle XSS and CSRF protection?

It guides the implementation of DOMPurify for HTML sanitization, Content Security Policies (CSP), and the use of CSRF tokens for state-changing operations.

Does it provide guidance on secrets management?

Yes, it enforces the movement of hardcoded API keys and credentials into environment variables and ensures .env files are properly ignored by Git.

How does the Security Review skill prevent SQL injection?

It identifies dangerous string concatenation in queries and enforces the use of parameterized queries or safe ORM patterns.

Security Review

Name: Security Review
Author: Fabio29T

byFabio29T

0•

安全与测试

Audits code for security vulnerabilities and enforces industry-standard best practices for authentication, data handling, and infrastructure protection.

The Security Review skill acts as an automated security auditor for your development workflow, providing a comprehensive framework to identify and mitigate common vulnerabilities. It guides Claude to implement robust patterns for secrets management, input validation via Zod, SQL injection prevention, and secure authentication flows using httpOnly cookies and Row Level Security. Whether you are building financial features, handling sensitive user data, or developing blockchain integrations on Solana, this skill ensures your code meets rigorous security standards and passes a pre-deployment checklist to minimize risk.

主要功能

01Advanced input validation patterns using Zod and strict file upload restriction logic.

020 GitHub stars

03Comprehensive security checklists for authentication, authorization, and session management.

04Domain-specific security protocols for Solana blockchain transactions and Supabase RLS policies.

05Automated identification of hardcoded secrets and guidance for environment variable configuration.

06Defensive patterns against common web attacks including XSS, CSRF, and SQL Injection.

使用场景

01Securing new API endpoints with robust rate limiting and input sanitization.

02Implementing secure authentication flows and role-based access control (RBAC).

03Conducting a final pre-deployment audit to ensure no sensitive data is leaked in logs or error messages.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fabio29t/everything-claude security-review

For use in Claude.ai and ChatGPT

主要功能

01Advanced input validation patterns using Zod and strict file upload restriction logic.

020 GitHub stars

03Comprehensive security checklists for authentication, authorization, and session management.

04Domain-specific security protocols for Solana blockchain transactions and Supabase RLS policies.

05Automated identification of hardcoded secrets and guidance for environment variable configuration.

06Defensive patterns against common web attacks including XSS, CSRF, and SQL Injection.

使用场景

01Securing new API endpoints with robust rate limiting and input sanitization.

02Implementing secure authentication flows and role-based access control (RBAC).

03Conducting a final pre-deployment audit to ensure no sensitive data is leaked in logs or error messages.