← Back to Skills

Code Review Security

🌐Community
by hieutrtr · vlatest · Repository

Helps with code review, security as part of implementing security and authentication workflows.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add code-review-security npx -- -y @trustedskills/code-review-security
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "code-review-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/code-review-security"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill assists with reviewing code for security vulnerabilities, focusing on authentication and authorization workflows. It helps identify potential weaknesses based on the OWASP Top 10 (2021 edition) checklist, particularly within Python/FastAPI and React codebases. The skill outputs its findings to a security-review.md file, detailing severity, location (file:line), description of the issue, and recommendations for remediation.

When to use it

  • Reviewing pull requests for security vulnerabilities.
  • Auditing changes related to authentication or authorization.
  • Examining code that handles user input, file uploads, or external data.
  • Checking new features against the OWASP Top 10 vulnerabilities.
  • Validating that secrets are not committed to the repository.
  • Scanning dependencies for known vulnerabilities.
  • Reviewing API endpoints that expose sensitive data.

Key capabilities

  • OWASP Top 10 Review: Checks code against the OWASP Top 10 (2021 edition) checklist.
  • Python/FastAPI Specific Checks: Includes specific checks for Python and FastAPI codebases related to authentication, authorization, and cryptography.
  • React Codebase Considerations: Considers security implications within React codebases.
  • Secret Detection: Identifies hardcoded secrets, API keys, or tokens in the codebase.
  • Dependency Vulnerability Scanning: Checks for known vulnerabilities in project dependencies.
  • Output to File: Generates a security-review.md file containing findings with severity, location, description, and recommendations.

Example prompts

  • "Review this pull request for security vulnerabilities."
  • "Check the authentication code changes against OWASP Top 10."
  • "Scan this API endpoint for potential data exposure issues."

Tips & gotchas

  • This skill is specifically designed for security-focused code reviews and should not be used for general code quality checks or writing implementation code. Use other specialized skills for those tasks.
  • The skill focuses on Python/FastAPI and React, so its effectiveness may vary with different technologies.
  • It does not handle deployment infrastructure security or incident response procedures; use dedicated tools for those purposes.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
hieutrtr
Installs
82
Repository (canonical source) →

🌐 Community

Passed automated security scans.