
security-checklist

Safe ⚡ Contains scripts ⚙️ External commands 🌐 Network access

Apply OWASP Top 10 Security Best Practices

Applications often ship with critical security vulnerabilities. This skill provides AI agents with comprehensive security checklists based on the OWASP Top 10. Agents can use it to identify and prevent vulnerabilities such as injection attacks, broken authentication, and sensitive data exposure before code reaches production.

Supports: Claude, Codex, Claude Code (CC)
📊 70 Adequate
1. Download the skill ZIP
2. Import it into Claude: go to Settings → Capabilities → Skills → Import a skill
3. Enable it and start using it

Test

Using "security-checklist": Review this authentication code for security issues

Expected result:

  • Password hashing uses bcrypt (strong algorithm)
  • Session cookies missing HttpOnly flag - add SESSION_COOKIE_HTTPONLY = True
  • Rate limiting configured (5 attempts per 15 minutes)
  • Generic error messages used (no username enumeration)
  • MFA not implemented - recommend adding TOTP (SMS verification is a weaker fallback)
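The five findings above map onto concrete code. The following is an added example, not code from the skill or from the page, showing a login flow that satisfies each item: a salted slow hash, the cookie settings the finding names, a 5-per-15-minutes sliding-window rate limiter, one generic failure message for unknown users and wrong passwords (with a dummy hash so timing does not leak which usernames exist), and an RFC 6238 TOTP check as the second factor. Everything is constructed to run offline: the user table and limiter are in-memory stand-ins for a database and cache, and the standard library's PBKDF2-HMAC-SHA256 stands in for bcrypt so no third-party package is needed.

```python
"""Added example, not code from the skill: a login flow that meets the checklist
items above. Constructed stand-ins: an in-memory user table and rate limiter
instead of a database and cache, and the standard library's PBKDF2-HMAC-SHA256
instead of bcrypt so the file runs with no third-party packages."""
import base64, hashlib, hmac, os, re, struct, time

PBKDF2_ITERATIONS = 100_000
MAX_ATTEMPTS, WINDOW_SECONDS = 5, 15 * 60          # checklist: 5 attempts per 15 minutes
USERNAME_RE = re.compile(r"[a-z0-9_.-]{3,32}")      # allowlist of accepted usernames
GENERIC_ERROR = "Invalid username or password"      # same text for unknown user and bad password

# Flask/Django-style settings the checklist asks for (configuration, not enforced by this file)
SESSION_COOKIE_SETTINGS = {
    "SESSION_COOKIE_HTTPONLY": True,   # JavaScript cannot read the session cookie
    "SESSION_COOKIE_SECURE": True,     # only sent over HTTPS
    "SESSION_COOKIE_SAMESITE": "Lax",  # not sent on cross-site POSTs
}

USERS = {}       # constructed store: username -> (salt, hash)
AUDIT_LOG = []   # security events: usernames and IPs only, never passwords or codes


def hash_password(password, salt=None):
    """Salted, deliberately slow hash; bcrypt or argon2 are the production choice."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def register(username, password):
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username not in allowlist")
    USERS[username] = hash_password(password)


# Hashing against a dummy record keeps response time equal for unknown users,
# so timing does not reveal which usernames exist.
_DUMMY_SALT, _DUMMY_HASH = hash_password("not-a-real-password")


class RateLimiter:
    """Sliding window: at most max_attempts failures per key inside window seconds."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts, self.window, self._failures = max_attempts, window, {}

    def allow(self, key, now):
        recent = [t for t in self._failures.get(key, []) if now - t < self.window]
        self._failures[key] = recent
        return len(recent) < self.max_attempts

    def record_failure(self, key, now):
        self._failures.setdefault(key, []).append(now)


def login(username, password, limiter, client_ip, now=None):
    """Returns (ok, message); failure messages never say whether the username exists."""
    now = time.time() if now is None else now
    key = f"{client_ip}:{username}"
    if not limiter.allow(key, now):
        AUDIT_LOG.append(f"login rate-limited ip={client_ip} user={username}")
        return False, "Too many attempts, try again later"
    if not USERNAME_RE.fullmatch(username):
        limiter.record_failure(key, now)
        return False, GENERIC_ERROR
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    _, candidate = hash_password(password, salt)
    # the constant-time compare always runs; the membership check comes after it
    ok = hmac.compare_digest(candidate, stored) and username in USERS
    if not ok:
        limiter.record_failure(key, now)
        AUDIT_LOG.append(f"login failure ip={client_ip} user={username}")
        return False, GENERIC_ERROR
    AUDIT_LOG.append(f"login success ip={client_ip} user={username}")
    return True, "OK"


def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), the second factor the checklist recommends."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(base64.b32decode(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def verify_totp(secret_b32, submitted, now, step=30):
    """Accept the current step and one on either side to absorb clock drift."""
    return any(hmac.compare_digest(totp(secret_b32, now + d * step, step), submitted)
               for d in (-1, 0, 1))
```

The rate-limit key combines client IP and username so one attacker cannot lock out every account from a single address while a distributed attacker still hits the per-username ceiling; in production the limiter state lives in a shared cache rather than a module-level dict. The TOTP routine reproduces the RFC 6238 reference vectors (secret `12345678901234567890`, T=59 gives 287082), which is a convenient self-check before wiring it to a real authenticator app.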

Using "security-checklist": Check my API endpoints for broken access control

Expected result:

  • GET /api/users/:id missing authorization check - add ownership verification
  • Admin routes require admin role (correct)
  • All endpoints use parameterized queries (correct)
  • Consider adding rate limiting to prevent enumeration

Security audit

Safe
v5 • 1/16/2026

This skill is a pure markdown knowledge base containing only security documentation and educational code examples. No executable code, network calls, filesystem access, or external commands are present. All static findings (194 patterns) are false positives triggered by educational examples showing both vulnerable and secure coding patterns for documentation purposes.

  • 3 files analyzed
  • 1,462 lines analyzed
  • 3 findings
  • 5 total audits

Quality score

  • Architecture: 38
  • Maintainability: 100
  • Content: 87
  • Community: 31
  • Security: 100
  • Specification compliance: 83

What you can build

Secure API Endpoints

Review authentication and authorization logic for protected endpoints. Prevent IDOR and privilege escalation.
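The finding "GET /api/users/:id missing authorization check - add ownership verification" in the test output above and the IDOR/privilege-escalation goal here describe the same fix. The following is an added example, not code from the skill, that puts the IDOR-prone handler beside the corrected one and adds a role guard for admin routes. The Principal type, the record store and the handlers are hypothetical stand-ins for a real framework's request context and database.

```python
"""Added example, not code from the skill: ownership and role checks for an
`/api/users/:id`-style endpoint, with the IDOR-prone version beside the fixed
one. The Principal type, record store and handlers are hypothetical stand-ins
for a real framework's request context and database."""
from dataclasses import dataclass
from functools import wraps


@dataclass(frozen=True)
class Principal:
    """The authenticated caller, as a session or token middleware would attach it."""
    user_id: int
    roles: frozenset


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


# Constructed sample data; fields like ssn_last4 are what an IDOR would leak
USER_RECORDS = {
    1: {"id": 1, "email": "alice@example.com", "ssn_last4": "1234"},
    2: {"id": 2, "email": "bob@example.com", "ssn_last4": "9876"},
}


def get_user_vulnerable(principal, user_id):
    """Authenticated but not authorized: any logged-in caller can read any id."""
    if user_id not in USER_RECORDS:
        raise NotFound
    return USER_RECORDS[user_id]


def is_owner_or_admin(principal, user_id):
    return principal.user_id == user_id or "admin" in principal.roles


def get_user_secure(principal, user_id):
    """Ownership verification before the lookup, as the checklist finding asks."""
    # Forbidden and missing both map to NotFound so a non-admin cannot enumerate
    # which ids exist by comparing 403 and 404 responses.
    if not is_owner_or_admin(principal, user_id) or user_id not in USER_RECORDS:
        raise NotFound
    return USER_RECORDS[user_id]


def require_role(role):
    """RBAC guard for admin routes; checked on every call, not only in the UI."""
    def decorator(handler):
        @wraps(handler)
        def guarded(principal, *args, **kwargs):
            if role not in principal.roles:
                raise Forbidden
            return handler(principal, *args, **kwargs)
        return guarded
    return decorator


@require_role("admin")
def delete_user(principal, user_id):
    if user_id not in USER_RECORDS:
        raise NotFound
    del USER_RECORDS[user_id]
    return {"deleted": user_id}


def review_endpoint(handler, principal, user_id):
    """Small harness: returns the outcome a checklist review would record."""
    try:
        handler(principal, user_id)
        return "allowed"
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not found"
```

Collapsing "forbidden" and "missing" into one response for non-admin callers is a deliberate choice that also covers the "rate limiting to prevent enumeration" note in the expected output: without it, an attacker can walk the id space and learn which accounts exist even when every read is denied.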

Prevent Injection Attacks

Implement parameterized queries and output encoding. Block XSS, SQL injection, and command injection.

Dependency Vulnerability Scanning

Run npm audit, pip-audit, and other tools. Track critical findings and block deployments with vulnerabilities.

Try these prompts

Basic Security Review
Review the following code for security vulnerabilities using the Security Checklist skill. Check for OWASP Top 10 issues including injection attacks, authentication weaknesses, and missing security headers.
Authentication Audit
Audit the authentication implementation. Verify password hashing, session management, MFA support, and rate limiting according to security best practices.
Dependency Check
Run a dependency vulnerability scan. Use npm audit for JavaScript or pip-audit for Python projects. Report critical and high severity findings.
API Security Check
Review all API endpoints for broken access control. Verify authorization checks, IDOR prevention, and RBAC implementation for each protected route.

Best practices

  • Validate all user input using allowlists, not denylists
  • Use parameterized queries for all database operations
  • Implement defense in depth with multiple security layers
  • Log security events without capturing sensitive data

Avoid

  • Using string concatenation to build SQL queries
  • Storing passwords with MD5 or SHA1 hashing
  • Leaving debug mode enabled in production
  • Exposing stack traces or error details to users
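The "Prevent Injection Attacks" item above (parameterized queries and output encoding) and the first "Avoid" entry (string concatenation in SQL) are two sides of one example. The following is an added example, not code from the skill, that shows the concatenated query being bypassed by a tautology payload, the parameterized query treating the same payload as a plain string, HTML escaping at the point of output, and an allowlisted argument list for a subprocess so no shell ever parses user input. The SQLite table and rows are constructed, and the ping command is only built, never executed.

```python
"""Added example, not code from the skill: the string-concatenation query the
"Avoid" list warns about beside its parameterized replacement, plus output
encoding for HTML and argument-list construction for a subprocess. The sqlite
table and rows are constructed; the ping command is only built, never run."""
import html
import re
import sqlite3

PAYLOAD = "' OR '1'='1"   # classic tautology injection


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    return conn


def find_users_vulnerable(conn, username):
    """String concatenation: the value becomes part of the SQL grammar."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_users_safe(conn, username):
    """Parameterized: the driver passes the value separately, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def render_greeting(username):
    """Output encoding: escape at the point of insertion into HTML, not at input."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


# Allowlist for a hostname argument: letters, digits, dots and hyphens, no leading hyphen
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})")


def ping_command(host):
    """Builds an argv list for subprocess.run; no shell ever parses the user value."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("host rejected by allowlist")
    return ["ping", "-c", "1", host]
```

Running `find_users_vulnerable(make_db(), PAYLOAD)` returns every row because the query became `WHERE username = '' OR '1'='1'`; the safe variant returns nothing because the driver binds the payload as a literal string. The argv list is what you would hand to `subprocess.run(...)` without `shell=True`; the allowlist matters even then, since it blocks the leading-hyphen inputs that some programs would read as options.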

Frequently asked questions

Which AI tools work with this skill?
This skill supports Claude, Codex, and Claude Code. It provides security guidance that works across any AI assistant.
What is the OWASP Top 10?
The OWASP Top 10 is a regularly updated awareness document listing the most critical web application security risks, published by OWASP.
How do I run dependency scans?
Use npm audit for JavaScript, pip-audit for Python. The skill documents commands, exit codes, and escalation thresholds.
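The "Dependency Vulnerability Scanning" item above and this answer both come down to a gate: run the scanner, read its result, and block the deployment when findings cross a severity threshold. The following is an added example, not code from the skill, that reads the JSON produced by `npm audit --json` (the npm 7+ report format, whose `metadata.vulnerabilities` object carries per-severity counts) and returns a CI exit code. The report embedded in the file is constructed and trimmed to the fields the script uses; the package names are illustrative.

```python
"""Added example, not code from the skill: a deployment gate that reads the
JSON report of `npm audit --json` (npm 7+ report format) and blocks when any
finding is at or above a severity threshold. The report below is constructed
and trimmed to the fields this script uses; package names are illustrative."""
import json
import sys

SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]   # npm's severity levels

# Constructed sample report (not real scanner output)
SAMPLE_NPM_AUDIT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-lib-a": {"name": "example-lib-a", "severity": "high", "isDirect": True,
                          "fixAvailable": True, "range": "<1.2.3"},
        "example-lib-b": {"name": "example-lib-b", "severity": "moderate", "isDirect": False,
                          "fixAvailable": False, "range": "<0.9.0"},
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1,
                                     "high": 1, "critical": 0, "total": 2}},
})


def findings_at_or_above(report, threshold):
    """Names of packages whose severity meets the threshold, sorted for stable output."""
    floor = SEVERITY_ORDER.index(threshold)
    return sorted(
        name for name, entry in report.get("vulnerabilities", {}).items()
        if SEVERITY_ORDER.index(entry["severity"]) >= floor
    )


def gate(report_json, threshold="high"):
    """Returns (exit_code, offenders): 0 lets the deployment proceed, 1 blocks it."""
    report = json.loads(report_json)
    counts = report["metadata"]["vulnerabilities"]
    floor = SEVERITY_ORDER.index(threshold)
    blocking = sum(counts.get(level, 0) for level in SEVERITY_ORDER[floor:])
    return (1 if blocking else 0), findings_at_or_above(report, threshold)


if __name__ == "__main__":
    # usage: npm audit --json | python gate.py high
    level = sys.argv[1] if len(sys.argv) > 1 else "high"
    report_json = SAMPLE_NPM_AUDIT if sys.stdin.isatty() else sys.stdin.read()
    code, names = gate(report_json, level)
    print(f"{len(names)} finding(s) at or above {level}: {', '.join(names) or 'none'}")
    sys.exit(code)
```

`npm audit --audit-level=high` applies the same rule on its own and exits non-zero when any finding is at or above the level, so a parsed report is mainly useful when you want to name the offending packages in the build log or apply a policy npm cannot express (for example blocking only direct dependencies). `pip-audit` exits non-zero when it finds any vulnerability, and its JSON output (`pip-audit -f json`) lists vulnerability ids and fix versions without a severity field, so a Python gate usually treats every finding as blocking or looks the severity up from the advisory id.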
Does this skill modify my code?
No. This is a knowledge skill. It provides guidance and examples. Agents must implement fixes themselves.
What compliance standards are covered?
The skill covers GDPR data protection requirements and SOC 2 security controls for audit preparation.
How does this compare to other security tools?
Security tools scan code automatically. This skill provides contextual guidance for agents to understand and apply security patterns during development.

Developer details

File structure