- Home
- Skills
- Htooayelwinict
- Claude Config
- Security Review
security-review_skill
0
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill htooayelwinict/claude-config --skill security-review- reference.md2.3 KB
- SKILL.md3.7 KB
Overview
This skill performs code security audits focused on OWASP Top 10 risks. It is designed for the security-expert agent to run pre-deployment checks, pull request reviews, and focused authentication or authorization reviews. The goal is to produce actionable findings categorized by severity.
How this skill works
The skill inspects changed files (git diff) and runs mandatory dependency audits (composer audit, npm audit) plus framework checks like php artisan route:list. It scans for OWASP Top 10 patterns across Laravel and React code, reviews authentication/authorization, input validation, sanitization, and component/browser secrets. Findings are reported as Critical → Warning → Suggestion with remediation notes.
When to use it
- Before merging a pull request that touches authentication, authorization, or input handling
- Prior to deploying a release to production
- When auditing third-party dependency changes or new packages
- When reviewing routes, middleware, or API surface for access control
- When investigating reported XSS, SQL injection, CSRF, or SSRF concerns
Best practices
- Always run the mandatory validation loop: git diff, composer audit, npm audit, php artisan route:list
- Focus on changed files first, then expand to related modules and configuration (.env, build settings)
- Map findings to OWASP Top 10 and include specific code references and reproduction steps
- Prioritize fixes: treat dependency and runtime-executable vulnerabilities as Critical
- Recommend framework-native mitigations (e.g., Laravel fillable/guarded, @csrf, Hash::make) and avoid exposing secrets in client builds
Example use cases
- Security review of a pull request that adds new API endpoints or middleware
- Pre-deployment audit to confirm no regression in authentication, rate limiting, or CSRF protections
- Audit a React component library for XSS risks and accidental client-side secret leaks
- Check a Laravel application for mass assignment, SQL injection patterns, and route middleware gaps
- Investigate dependency CVEs reported by web search or security scanner
FAQ
Run git diff to scope changes, composer audit and npm audit for dependency issues, and php artisan route:list to verify route middleware. Report any dependency or middleware failures as Critical findings.
How are findings classified?
Findings are reported by severity: Critical (exploitable or dependency CVE), Warning (high-risk patterns like missing CSRF or broken access control), Suggestion (hardening and best-practice improvements).