Audits code for vulnerabilities and provides implementation patterns for secure authentication, input validation, and secret management.
The Security Review skill is a comprehensive enhancement for Claude Code designed to harden applications against common threats and ensure production-grade safety. It provides structured checklists and battle-tested code patterns for critical security domains including SQL injection prevention, XSS/CSRF protection, secure API design, and sensitive data handling. By integrating OWASP-aligned standards and framework-specific guidance for tools like Next.js, Supabase, and Solana, this skill empowers developers to identify risks early and implement robust defenses throughout the development lifecycle.
Key Features
01 OWASP-aligned protection strategies for XSS, CSRF, and Rate Limiting
02 Zod-based input validation and file upload verification patterns
03 Solana-specific blockchain transaction and wallet signature verification
04 Secure secret management and environment variable guidelines
05 1 GitHub star
06 Comprehensive security checklists for pre-deployment audits
Use Cases
01 Conducting security audits for web applications and blockchain integrations
02 Implementing secure user authentication and session management with HttpOnly cookies
03 Hardening API endpoints against injection and unauthorized access