How does this skill prevent SQL injection?

The skill enforces the use of parameterized queries and ORM/query builder patterns while explicitly flagging and correcting dangerous string concatenation in database calls.

Can it help with blockchain-specific security?

Yes, it includes specific patterns for Solana, including wallet signature verification, balance checks, and transaction validation logic.

Does it handle secret management?

Absolutely; it provides strict guidelines for moving hardcoded keys to environment variables and ensuring .gitignore files are correctly configured to prevent leaks.

How does it handle XSS prevention?

The skill promotes the use of DOMPurify for HTML sanitization and provides templates for configuring robust Content Security Policy (CSP) headers.

Is it compatible with Supabase security features?

Yes, it includes specialized instructions for implementing Row Level Security (RLS) policies and secure Supabase query patterns.

Security Review Pro

Name: Security Review Pro
Author: webcrafters-belgium

bywebcrafters-belgium

0•

Security & Testing

Audits code for vulnerabilities and enforces best practices across authentication, data handling, and infrastructure.

The Security Review skill transforms Claude into a specialized security architect, providing a comprehensive framework to identify and mitigate common software vulnerabilities. It guides developers through rigorous checklists for secrets management, schema-based input validation using Zod, and SQL injection prevention. Designed for modern web development and blockchain environments, it ensures that authentication, authorization, and sensitive data handling follow industry-standard protocols like OWASP and Next.js security patterns, significantly reducing the risk of data breaches and unauthorized access during the development lifecycle.

Key Features

01SQL injection prevention via parameterized query enforcement

02Pre-deployment security checklists covering XSS, CSRF, and rate limiting

03Schema-based input validation and secure file upload patterns

04Comprehensive authentication workflows including JWT and Row Level Security

05Automated secrets management and environment variable verification

060 GitHub stars

Use Cases

01Performing a deep security audit on new API endpoints and sensitive features

02Implementing robust authentication and role-based access control (RBAC)

03Hardening applications against common attack vectors like XSS, CSRF, and SQLi

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add webcrafters-belgium/webcrafters-studio security-review

For use in Claude.ai and ChatGPT

Download Skill