Is this skill compatible with Supabase and Next.js?

Yes, it includes specific security guidance for Next.js middleware, Content Security Policy (CSP) headers, and Supabase Row Level Security (RLS) policies.

How does it improve secrets management?

It enforces strict patterns for using environment variables, ensuring that API keys, database passwords, and tokens are never hardcoded or committed to version control.

What common vulnerabilities does this skill help identify?

The skill provides checklists and patterns to identify and prevent SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and insecure secrets management.

Does this skill support specific validation libraries?

Yes, it provides optimized implementation patterns for Zod, enabling robust schema-based validation for user inputs and API requests.

Can I use this for blockchain and Web3 security?

Absolutely. It includes specialized modules for Solana blockchain security, focusing on wallet ownership verification and transaction validation.

Security Review & Audit

Name: Security Review & Audit
Author: affaan-m

byaffaan-m

•

34,604

安全与测试

Performs comprehensive security audits and implements robust defensive patterns to protect applications from common vulnerabilities and data leaks.

关于

This skill transforms Claude into a security-conscious engineer by providing a rigorous framework for auditing code and implementing defensive best practices. It covers critical security domains including secrets management, schema-based input validation with Zod, SQL injection prevention, and secure authentication flows using httpOnly cookies. Whether you are building REST APIs, managing sensitive user data, or developing blockchain transactions on Solana, this skill ensures your implementation adheres to industry standards like the OWASP Top 10, preventing Cross-Site Scripting (XSS), CSRF, and accidental exposure of sensitive information.

主要功能

Secure implementation patterns for environment variables and secrets management
Defensive coding templates for SQL injection, XSS, and CSRF prevention
Specialized blockchain security protocols for Solana wallet and transaction verification
API rate limiting and secure error handling to prevent data exposure
34,604 GitHub stars
Automated security checklists for authentication, authorization, and input handling

使用场景

Implementing secure user authentication and Row Level Security (RLS) for database access
Auditing new API endpoints for injection vulnerabilities and authorization flaws before production
Securing file upload systems with robust size, type, and extension validation

关于

主要功能

Secure implementation patterns for environment variables and secrets management
Defensive coding templates for SQL injection, XSS, and CSRF prevention
Specialized blockchain security protocols for Solana wallet and transaction verification
API rate limiting and secure error handling to prevent data exposure
34,604 GitHub stars
Automated security checklists for authentication, authorization, and input handling

使用场景

Implementing secure user authentication and Row Level Security (RLS) for database access
Auditing new API endpoints for injection vulnerabilities and authorization flaws before production
Securing file upload systems with robust size, type, and extension validation