Is this skill limited to a specific programming language?

While it features specific examples for JavaScript (Node.js) and Python, the principles, checklists, and patterns are applicable to any modern web development environment.

Does the skill provide guidance on Content Security Policy (CSP)?

Absolutely. It includes a comprehensive CSP example and explanations for essential security headers like HSTS, X-Frame-Options, and Permissions-Policy.

Can I use this skill to check for hardcoded secrets?

Yes, it includes a dedicated section on secrets management that provides patterns for identifying leaked credentials and instructions for using specialized scanners like trufflehog.

How does this skill help with OWASP Top 10 compliance?

It provides a specific, actionable checklist for all ten OWASP categories, including code examples for both vulnerable and fixed implementations across multiple languages.

Security Review Specialist

Name: Security Review Specialist
Author: Claude-Code-Community-Ireland

byClaude-Code-Community-Ireland

•

安全与测试

Performs comprehensive security audits and code reviews based on OWASP Top 10 standards and modern defensive patterns.

The Security Review skill transforms Claude into a specialized security engineer capable of auditing codebases for critical vulnerabilities. It provides a structured framework based on the OWASP Top 10 (2021) to identify risks such as broken access control, injection attacks, and insecure design. By leveraging domain-specific implementation patterns for authentication, authorization, and secrets management, this skill helps developers move beyond basic linting to deep, context-aware security hardening. It is an essential tool for teams looking to integrate security-first thinking into their development workflow, offering actionable code examples for mitigating XSS, CSRF, and SSRF vulnerabilities while ensuring proper security headers and dependency scanning are in place.

主要功能

01Comprehensive authorization models for RBAC and ABAC implementations

02Defensive coding guidelines for SQL injection, XSS, CSRF, and SSRF mitigation

03Standardized security header configurations (CSP, HSTS, CORS) and secrets management

04Secure authentication patterns including password hashing (Argon2, bcrypt) and MFA

056 GitHub stars

06OWASP Top 10 (2021) baseline checklist for systematic vulnerability detection

使用场景

01Conducting automated pre-merge security audits on pull requests to identify potential exploits

02Reviewing cloud infrastructure and environment configurations for sensitive secret leakage

03Hardening API endpoints by implementing robust input validation and session management

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claude-code-community-ireland/claude-code-resources security-review

For use in Claude.ai and ChatGPT

Download Skill