Cc Skill Security Review

What it does

This skill helps ensure code adheres to security best practices and identifies potential vulnerabilities during development. It focuses on common security pitfalls, providing guidance and examples for secure coding techniques related to secrets management, input validation, and SQL injection prevention. The skill aims to improve the overall security posture of applications by proactively addressing these concerns.

When to use it

This skill is particularly useful in the following scenarios:

• Implementing authentication or authorization features.
• Handling user input or file uploads.
• Creating new API endpoints.
• Working with secrets and credentials.
• Implementing payment processing functionality.
• Storing or transmitting sensitive data.
• Integrating third-party APIs.

Key capabilities

• Secrets Management: Provides guidance on storing secrets in environment variables instead of hardcoding them, along with verification steps to ensure proper implementation.
• Input Validation: Demonstrates how to validate user input using schemas (e.g., Zod) and provides examples for file upload validation including size, type, and extension checks.
• SQL Injection Prevention: Illustrates the dangers of concatenating SQL queries and promotes the use of parameterized queries for safer database interactions.

Example prompts

Here are some example prompts you could give an AI agent with this skill:

• "Review this code snippet for potential secrets management vulnerabilities."
• "How can I validate user input to prevent injection attacks?"
• "Show me how to use parameterized queries in [programming language/framework]."

Tips & gotchas

• The skill provides specific examples using Zod and assumes a familiarity with similar schema validation libraries.
• It focuses on common vulnerabilities; more specialized security reviews may require additional tools or expertise.
• Always prioritize whitelisting allowed inputs rather than blacklisting potentially dangerous ones for input validation.