feature-security_skill

This skill analyzes security aspects of new features, validating authentication, input protection, data handling, and best-practice configurations.
  • Shell

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill shotaiuchi/dotclaude --skill feature-security

  • SKILL.md1.8 KB

Overview

This skill performs a targeted security analysis for new feature implementations. It focuses on authentication, authorization, input validation, data protection, and security configuration to surface gaps and actionable remediation items. The output is a clear status report per checklist item to guide developers and reviewers.

How this skill works

The skill inspects feature design and implementation artifacts—API endpoints, authentication flows, input handling, data storage, and configuration files—against a concise checklist. It verifies controls like token validation, RBAC, input sanitization, encryption, and security headers. For each checklist item the skill assigns a status (Complete, Partial, Blocked, Skipped) and provides short remediation guidance when issues are found.

When to use it

  • During design reviews for features that include user identity, permissions, or sensitive data
  • Before merging code that adds or modifies authentication or authorization logic
  • When approving file uploads, external command execution, or database changes
  • As part of release readiness checks for features handling PII or secrets
  • When verifying third-party dependencies and security-related configuration

Best practices

  • Require authentication and enforce RBAC on all protected endpoints by default
  • Validate and sanitize all inputs server-side; prefer parameterized queries to avoid SQL injection
  • Encrypt sensitive data in transit and at rest; never hardcode secrets in source
  • Mask or omit PII in logs and responses; use safe error messages that do not reveal internals
  • Apply security headers (CSP, HSTS, X-Frame-Options) and configure CORS tightly
  • Use rate limiting on auth endpoints and validate dependency versions for known vulnerabilities

Example use cases

  • Reviewing a new user registration and login flow for session handling and token expiry
  • Assessing a role-based feature toggle to prevent privilege escalation
  • Validating file upload endpoints for type, size, and malware scanning controls
  • Auditing database changes to ensure parameterized queries and proper encryption
  • Preparing a release checklist for a feature that stores or processes PII

FAQ

Provide API specs, authentication flow diagrams, code snippets for auth/input handling, config files, and a list of dependencies.

How are issues prioritized in the report?

Findings are prioritized by impact on confidentiality, integrity, and availability, with actionable remediations for high-impact items.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational