security-review
Security Review Skill
This skill ensures all code follows security best practices and identifies potential vulnerabilities.
Required Companion Skill
Use /interrogate-me as part of this workflow before finalizing security guidance or sign-off. Let it stress-test the feature, assets, actors, trust boundaries, data flows, attacker goals, secrets, permissions, integrations, failure modes, and deployment assumptions one question at a time. Incorporate the resulting assumptions, decisions, risks, and unresolved issues into the security checklist, threat model, verification steps, and final recommendations.
When to Activate
- Implementing authentication or authorization
- Handling user input or file uploads
- Creating new API endpoints
- Working with secrets or credentials
- Implementing payment features
- Storing or transmitting sensitive data
- Integrating third-party APIs
Security Checklist