Does it support multiple programming languages?

Yes, the skill provides security patterns and validation examples for popular ecosystems including TypeScript (Node.js/Next.js) and Python.

Can it detect vulnerabilities in third-party libraries?

It integrates with system tools like npm audit and pip-audit to identify, report, and provide remediation steps for known vulnerabilities in your project dependencies.

Is this skill aligned with industry standards?

Yes, the security checklists and patterns provided are primarily based on the OWASP Top 10 framework and modern web security best practices.

How does this skill handle API keys and secrets?

The skill enforces the use of environment variables and .gitignore files, providing active checks to ensure no hard-coded secrets are committed to your repository history.

Security Reviewer & Auditor

Name: Security Reviewer & Auditor
Author: xiaobei930

byxiaobei930

•

安全与测试

Conducts comprehensive security audits and implements robust protection patterns to safeguard applications against common vulnerabilities.

This skill transforms Claude into a specialized security auditor, providing a structured framework for identifying and mitigating critical risks like SQL injection, XSS, and broken authentication. It offers standardized implementation patterns for secret management, schema-based input validation, secure session handling via HTTP-only cookies, and rate limiting. By integrating with system tools to audit dependencies and scan for leaked credentials, it ensures that your codebase adheres to industry-standard security benchmarks and the OWASP Top 10 throughout the development lifecycle.

主要功能

01Implementation of robust input validation using Zod, Pydantic, and DOMPurify

02SQL Injection prevention through enforced parameterized query patterns

03Secure authentication workflows featuring CSRF and XSS protection

04Automated secret and credential leak detection in source code

05Dependency auditing and vulnerability patching via automated tool integration

0634 GitHub stars

使用场景

01Conducting a pre-deployment security audit of API endpoints and database queries

02Implementing a new user authentication system with secure JWT and cookie handling

03Hardening file upload systems against path traversal and malicious payloads

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add xiaobei930/cc-best security

For use in Claude.ai and ChatGPT

Download Skill