Can it help prevent SQL injection?

Yes, the skill includes specific checks for parameterized queries, ORM usage, and input sanitization to help you identify and remediate injection risks.

Is the checklist language-agnostic?

Yes, the principles covered—such as broken access control, cryptographic failures, and insecure design—apply to virtually all modern web and application development stacks.

When is the best time to use this skill?

It is most effective when used during the design phase for threat modeling and during the code review process to ensure new features meet security standards.

Does this skill replace a professional security audit?

No, while it provides a robust framework for developer-led reviews and identifying common vulnerabilities, it should complement rather than replace professional penetration testing for critical systems.

Security & Compliance Checklist

Name: Security & Compliance Checklist
Author: Zate

byZate

0•

Security & Testing

Applies comprehensive security audits and OWASP-aligned checks to identify vulnerabilities in application code and architecture.

The Security Checklist skill equips Claude with a rigorous framework for identifying security flaws and enforcing industry-standard best practices across the development lifecycle. Based on the OWASP Top 10 (2021), it provides actionable guidance for hardening authentication, securing data at rest and in transit, and preventing common exploits like injection and SSRF. It is an essential companion for developers performing code reviews, threat modeling, or preparing applications for production deployment.

Key Features

01Security header configuration for XSS and Clickjacking prevention

02Input validation and context-specific output encoding patterns

030 GitHub stars

04Comprehensive OWASP Top 10 (2021) vulnerability mapping

05Detailed authentication, session management, and JWT security audits

06Guidelines for sensitive data classification and protection

Use Cases

01Conducting security-focused code reviews before merging pull requests

02Implementing secure session management and password hashing workflows

03Hardening API endpoints against broken access control and injection

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zate/cc-plugins security-checklist

For use in Claude.ai and ChatGPT

Download Skill