# Secure Your Code with Comprehensive Security Reviews

Prevent common vulnerabilities like SQL injection, XSS, and authentication flaws with automated security checklists. Get expert guidance on secure coding practices during development.

## Install

```bash
npx skillstore add affaan-m/sickn33-cc-skill-security-review
```

## Metadata

- Slug: sickn33-cc-skill-security-review
- Version: 1.0
- Author: affaan-m
- GitHub username: sickn33
- License: MIT
- Repository: https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/cc-skill-security-review
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: safe
- Risk factors: external_commands, network, env_access
- Quality score: 80
- Quality tier: silver
- Public page: https://skillstore.pages.dev/skills/sickn33-cc-skill-security-review
- Manifest: https://skillstore.pages.dev/api/skills/sickn33-cc-skill-security-review/manifest

## Capabilities

- Provides comprehensive security checklists for authentication, input validation, SQL injection prevention, XSS protection, CSRF protection, and rate limiting
- Teaches secure coding patterns with side-by-side comparisons of vulnerable vs. secure code examples
- Covers blockchain security for Solana including wallet verification and transaction validation
- Includes pre-deployment security checklist covering 17 critical security areas
- Provides security testing examples for automated test coverage
- Documents best practices for secrets management, error handling, and dependency security

## Use Cases

- Pre-commit Security Review: Developer runs this skill before committing code to verify authentication, input validation, and SQL injection prevention patterns are correctly implemented
- Pre-deployment Security Audit: Team lead uses the pre-deployment checklist to ensure all 17 security requirements are met before production release
- Security Learning Tool: Junior developer studies the skill examples to learn secure coding patterns and understand common vulnerability types

## Prompt Templates

### Basic Security Check

```
Run security review on my current code changes. Check for hardcoded secrets, input validation issues, SQL injection vulnerabilities, and authentication problems.
```

### Authentication Implementation

```
Review my authentication implementation. Verify that tokens use httpOnly cookies (not localStorage), authorization checks are in place, and session management is secure.
```

### API Endpoint Security

```
Conduct security review on my new API endpoints. Check SQL injection prevention, XSS protection, CSRF tokens, rate limiting, and error message security.
```

### Pre-deployment Audit

```
Run complete pre-deployment security audit. Verify all 17 checklist items including secrets management, input validation, parameterized queries, XSS/CSRF protection, rate limiting, HTTPS enforcement, security headers, and dependency security.
```

## Limitations

- Documentation-only skill that provides guidance but does not automatically scan or fix code
- Requires developer knowledge to correctly implement the security patterns shown
- Does not integrate with automated security testing tools or CI/CD pipelines
- Examples focus on TypeScript/JavaScript ecosystem with some framework-specific guidance

## Best Practices

- Run security review skill before every commit involving authentication, input handling, database queries, or API endpoints
- Use the pre-deployment checklist as a final verification step before production releases
- Study both the NEVER and ALWAYS examples to understand vulnerability patterns and their fixes

## Anti-Patterns

- Using this skill as a replacement for automated security testing tools or penetration testing
- Running security review only after production issues occur instead of during development
- Treating documentation examples as copy-paste solutions without understanding the security principles

## Security Audit

- Safe to publish: true
- Audited at: 2026-02-25T06:27:05.655+00:00
- Summary: Static analysis detected 91 potential security issues in the SKILL.md documentation file. All findings are FALSE POSITIVES: the detected patterns are code examples within educational documentation showing both vulnerable and secure coding patterns. The skill teaches security best practices through comparison examples (marked with ❌ NEVER and ✅ ALWAYS). No executable code, no actual security risks. This is a legitimate educational security review skill.

## Stats

- Views: 120
- Downloads: 9
- Favorites: 0
- Popularity score: 0
