Does it recommend specific tools for input validation?

The skill provides standardized implementation patterns using Zod for schema validation and DOMPurify for HTML sanitization.

Can this skill help with blockchain development?

Yes, it includes specific security modules for Solana, covering wallet signature verification, transaction validation, and balance checks.

How does it handle secret management?

It enforces the use of environment variables, checks for hardcoded API keys in source code, and verifies that .env files are correctly ignored by Git.

Is this skill compatible with Supabase and Next.js?

Yes, it includes specific patterns for Supabase Row Level Security (RLS) and Next.js security headers and API rate limiting.

What vulnerabilities does the Security Review skill check for?

It provides comprehensive checks for the OWASP Top 10, including SQL injection, Cross-Site Scripting (XSS), CSRF, broken authentication, and sensitive data exposure.

Security Review Pro

Name: Security Review Pro
Author: affaan-m

byaffaan-m

•

112,917

•

安全与测试

Conducts comprehensive security audits and enforces industry best practices for authentication, data handling, and API development.

The Security Review skill transforms Claude into a specialized security consultant for your development workflow. It provides detailed, actionable checklists and implementation patterns to identify vulnerabilities before they reach production. Covering everything from secret management and Zod-based input validation to SQL injection prevention and secure cookie handling, this skill ensures that every piece of code adheres to high-security standards. It includes specific guidance for modern stacks like Next.js and Supabase, as well as specialized checks for blockchain transactions on Solana, making it an essential tool for building robust, exploit-resistant applications.

主要功能

01112,917 GitHub stars

02Best-practice patterns for preventing SQL injection, XSS, and CSRF attacks

03Automated security checklists for API endpoints and user input validation

04Secure credential management auditing to prevent hardcoded secrets

05Role-based access control and Row Level Security (RLS) implementation guidance

06Blockchain-specific security for Solana wallet and transaction verification

使用场景

01Auditing new API endpoints for potential data leaks or authorization bypasses

02Implementing standardized input validation and secure file upload logic

03Reviewing authentication flows and JWT storage strategies for web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add affaan-m/everything-claude-code security-review

For use in Claude.ai and ChatGPT

主要功能

01112,917 GitHub stars

02Best-practice patterns for preventing SQL injection, XSS, and CSRF attacks

03Automated security checklists for API endpoints and user input validation

04Secure credential management auditing to prevent hardcoded secrets

05Role-based access control and Row Level Security (RLS) implementation guidance

06Blockchain-specific security for Solana wallet and transaction verification

使用场景

01Auditing new API endpoints for potential data leaks or authorization bypasses

02Implementing standardized input validation and secure file upload logic

03Reviewing authentication flows and JWT storage strategies for web applications