security-review
Comprehensive security checklist and patterns for authentication, input validation, secrets management, and sensitive operations.
- Covers 10 core security domains: secrets management, input validation, SQL injection prevention, authentication/authorization, XSS prevention, CSRF protection, rate limiting, sensitive data exposure, blockchain wallet verification, and dependency security
- Includes code examples for each vulnerability type with clear "never do this" and "always do this" patterns across TypeScript, SQL, and configuration
- Provides pre-deployment checklist with 16 verification items and automated security test examples for authentication, authorization, input validation, and rate limiting
- Supports multiple frameworks and platforms: Next.js, Supabase (with Row Level Security), Express, Solana blockchain, and standard Node.js environments
Security Review Skill
This skill ensures all code follows security best practices and identifies potential vulnerabilities.
When to Activate
- Implementing authentication or authorization
- Handling user input or file uploads
- Creating new API endpoints
- Working with secrets or credentials
- Implementing payment features
- Storing or transmitting sensitive data
- Integrating third-party APIs
Security Checklist
1. Secrets Management
FAIL: NEVER Do This
More from affaan-m/everything-claude-code
golang-patterns
Idiomatic Go patterns, best practices, and conventions for building robust, efficient, and maintainable Go applications.
7.4Kcoding-standards
Baseline cross-project coding conventions for naming, readability, immutability, and code-quality review. Use detailed frontend or backend skills for framework-specific patterns.
6.7Kfrontend-patterns
Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices.
6.6Kbackend-patterns
Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.
6.6Kgolang-testing
Go testing patterns including table-driven tests, subtests, benchmarks, fuzzing, and test coverage. Follows TDD methodology with idiomatic Go practices.
6.1Kspringboot-patterns
Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.
5.6K