secure-code-review

Secure Code Review Checklist

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "secure-code-review" with this command: npx skills add aiming-lab/metaclaw/aiming-lab-metaclaw-secure-code-review

Input Validation:

  • Never trust user-supplied input; validate type, length, and format at trust boundaries, and reject rather than "fix" what fails.

  • Use parameterized queries; never interpolate user input into SQL text.

  • Encode output for the context it is rendered into (HTML body, attribute, JavaScript, URL) to prevent XSS; sanitize with an HTML sanitizer only where raw markup is intended.

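The three input-handling items above, as an added worked example (it is not part of the upstream SKILL.md). It uses an in-memory sqlite3 table constructed for the demonstration, shows the interpolated query beside the parameterized one so the injection payload can be tried against both, and applies boundary validation and HTML output encoding with the standard library; the table, the username format and the greeting template are assumptions.

```python
import html
import re
import sqlite3

# Constructed in-memory database for the demonstration (not from the skill).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # String interpolation: the user's text becomes part of the SQL statement itself.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Placeholder: the driver passes the value separately, so it can never change the query shape.
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]

# Assumed username policy: lowercase alphanumerics and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")

def validate_username(raw) -> str:
    # Boundary validation of type, length and format; reject instead of stripping characters.
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise ValueError("invalid username")
    return raw

def render_greeting(name: str) -> str:
    # Output encoding for an HTML text context; quote=True also covers attribute contexts.
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"

if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("interpolated:", lookup_vulnerable(db, payload))   # every row leaks
    print("parameterized:", lookup_parameterized(db, payload))  # no match
    print(render_greeting("<script>alert(1)</script>"))
```

Running the payload through both lookups is the review check in miniature: the interpolated query returns every user, the parameterized one returns nothing, and the encoded greeting renders the script tag as text.
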
Secrets & Credentials:

  • No hardcoded passwords, API keys, or tokens in source code.

  • Use environment variables or a secrets manager.

  • Confirm that secret-bearing config files (.env, key files) are listed in .gitignore before committing them; any secret that has reached the repository history is compromised and must be rotated.

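The secrets items above, as an added example that is not part of the upstream skill: a small reviewer-side scanner for credential-looking literals, run over a constructed source snippet, beside a loader that reads secrets from the environment and fails closed when one is missing. The regexes are assumptions to tune per codebase; the sample source and the AWS-style example key ID in it are constructed.

```python
import os
import re
from typing import Optional

# Patterns a reviewer greps for: secret-named assignments to string literals and
# well-known key formats. Constructed for this added example; extend for your stack.
SECRET_PATTERNS = [
    re.compile(r"""(?i)(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['"][^'"]{8,}['"]"""),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),               # AWS access key ID shape
    re.compile(r"\bsk_(live|test)_[0-9a-zA-Z]{16,}\b"),  # Stripe-style secret key shape
]

def find_hardcoded_secrets(source: str) -> list:
    """Return (line_number, stripped_line) for lines that look like embedded credentials."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        if any(p.search(line) for p in SECRET_PATTERNS):
            hits.append((n, line.strip()))
    return hits

def get_secret(name: str, env: Optional[dict] = None) -> str:
    """Read a secret from the environment (or a supplied mapping); never fall back to a default."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"required secret {name} is not set")
    return value

# Constructed sample source: two hardcoded credentials, one correct env lookup, one harmless constant.
SAMPLE_SOURCE = '''
import requests
API_KEY = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2hunter2"
TIMEOUT = 30
token = os.environ["SERVICE_TOKEN"]
'''

if __name__ == "__main__":
    for n, line in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {n}: {line}")
```

The scanner is a first pass, not a substitute for a dedicated tool or a pre-commit hook, but it catches the assignment-to-literal pattern that dominates real leaks, and it does not flag the env-var lookup, which is the pattern the checklist asks for.
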
Dependencies:

  • Pin dependency versions with a lockfile; audit them with pip-audit or npm audit.

  • Minimize surface area: remove unused packages.

Auth:

  • Verify authorization on every protected endpoint, not just at login.

  • Use short-lived access tokens and implement a refresh flow so that expiry does not break sessions.

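The two auth items above, as an added example that is not the upstream skill's code: a minimal HMAC-signed access token with an expiry claim, a verifier that rejects tampering and expired tokens, and a decorator that makes every protected handler re-check the caller's role rather than trusting the login step. The signing key, the 15-minute TTL, the claim names and the delete_user handler are assumptions; the refresh flow itself is out of scope for the block.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical signing key for this added example; a real service loads it from a secrets manager.
SIGNING_KEY = b"example-signing-key-not-for-production"
ACCESS_TOKEN_TTL = 900  # seconds; short-lived by design, refresh tokens re-issue it

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, roles: list, now: float = None, ttl: int = ACCESS_TOKEN_TTL) -> str:
    """Mint body.signature where body carries sub, roles, iat and exp."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "roles": roles, "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"

def verify_token(token: str, now: float = None) -> dict:
    """Check signature first, then expiry; raise on any failure, never return partial claims."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        provided = _unb64(sig)
    except ValueError:  # covers malformed split and bad base64
        raise PermissionError("malformed token")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims

def require_role(role: str):
    """Per-endpoint authorization: each protected handler verifies the caller on every call."""
    def decorator(handler):
        def wrapped(token, *args, **kwargs):
            claims = verify_token(token)
            if role not in claims["roles"]:
                raise PermissionError(f"role {role} required")
            return handler(claims, *args, **kwargs)
        return wrapped
    return decorator

@require_role("admin")
def delete_user(claims: dict, user_id: int) -> str:
    # Hypothetical protected endpoint; the check runs here, not only at login.
    return f"{claims['sub']} deleted user {user_id}"

if __name__ == "__main__":
    print(delete_user(issue_token("alice", ["admin"]), 42))
    try:
        delete_user(issue_token("bob", ["user"]), 42)
    except PermissionError as e:
        print("denied:", e)
```

In review, the question to ask of each handler is whether it has the equivalent of this decorator; a route that reads the token but never checks roles, or that checks roles only on the login route, fails the checklist item.
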
Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
