How does this skill prevent SQL injection?

It enforces the use of parameterized queries and ORM/query builders while strictly forbidding string concatenation in database calls to ensure user input cannot execute malicious SQL.

Is it compatible with Supabase?

Yes, it specifically includes patterns for enabling Row Level Security (RLS) and writing secure database policies to protect data at the storage level.

Does it support blockchain development?

It includes specific checks for Solana development, including wallet ownership verification via signatures and strict transaction validation logic.

Can this help with frontend security?

Yes, it provides patterns for XSS prevention through DOM purification and secure cookie handling (httpOnly, Secure, SameSite) for session management.

Security Review & Hardening

Name: Security Review & Hardening
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Audits and secures application code by implementing industry-standard security patterns, from input validation to secrets management.

The Security Review Skill is a comprehensive toolkit for Claude Code designed to identify vulnerabilities and enforce security best practices throughout the development lifecycle. It provides actionable patterns for handling authentication, preventing injection attacks, managing secrets safely, and implementing robust authorization like Row Level Security. Whether you are building API endpoints, handling sensitive user data, or integrating blockchain wallets, this skill ensures your implementation adheres to the OWASP Top 10 and modern security standards through automated checklists and proven code templates.

主要功能

01Built-in patterns for XSS, CSRF protection, and API rate limiting.

02Secure secrets management and environment variable configuration guidelines.

03Injection prevention strategies for SQL and NoSQL database interactions.

040 GitHub stars

05Standardized patterns for input validation using Zod and schema-based checks.

06Comprehensive security checklists for authentication and authorization flows.

使用场景

01Performing a security audit before deploying new API endpoints to production.

02Implementing secure authentication flows using httpOnly cookies and Row Level Security.

03Sanitizing user-generated content and file uploads to prevent malicious injections.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter cc-skill-security-review

For use in Claude.ai and ChatGPT

主要功能

01Built-in patterns for XSS, CSRF protection, and API rate limiting.

02Secure secrets management and environment variable configuration guidelines.

03Injection prevention strategies for SQL and NoSQL database interactions.

040 GitHub stars

05Standardized patterns for input validation using Zod and schema-based checks.

06Comprehensive security checklists for authentication and authorization flows.

使用场景

01Performing a security audit before deploying new API endpoints to production.

02Implementing secure authentication flows using httpOnly cookies and Row Level Security.

03Sanitizing user-generated content and file uploads to prevent malicious injections.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter cc-skill-security-review

For use in Claude.ai and ChatGPT