Skip to main content

security-review

Ensures code adheres to security best practices, identifying vulnerabilities in authentication, API endpoints, and sensitive data handling.

Install this skill

or
62/100

Security score

The security-review skill was audited on Feb 28, 2026 and we found 18 security issues across 5 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 115

Template literal with variable interpolation in command context

SourceSKILL.md
115const query = `SELECT * FROM users WHERE email = '${userEmail}'`
medium line 149

Template literal with variable interpolation in command context

SourceSKILL.md
149`token=${token}; HttpOnly; Secure; SameSite=Strict; Max-Age=3600`)
medium line 258

Template literal with variable interpolation in command context

SourceSKILL.md
258`session=${sessionId}; HttpOnly; Secure; SameSite=Strict`)
medium line 438

Template literal with variable interpolation in command context

SourceSKILL.md
438headers: { Authorization: `Bearer ${userToken}` }
low line 431

Fetch to external URL

SourceSKILL.md
431const response = await fetch('/api/protected')
low line 437

Fetch to external URL

SourceSKILL.md
437const response = await fetch('/api/admin', {
low line 445

Fetch to external URL

SourceSKILL.md
445const response = await fetch('/api/users', {
low line 455

Fetch to external URL

SourceSKILL.md
455fetch('/api/endpoint')
low line 34

Access to .env file

SourceSKILL.md
34const apiKey = process.env.OPENAI_API_KEY
low line 35

Access to .env file

SourceSKILL.md
35const dbUrl = process.env.DATABASE_URL
medium line 46

Access to .env file

SourceSKILL.md
46- [ ] `.env.local` in .gitignore
low line 353

Buffer.from base64 decode

SourceSKILL.md
353Buffer.from(signature, 'base64'),
low line 354

Buffer.from base64 decode

SourceSKILL.md
354Buffer.from(publicKey, 'base64')
low line 223

External URL reference

SourceSKILL.md
223connect-src 'self' https://api.example.com;
low line 489

External URL reference

SourceSKILL.md
489- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
low line 490

External URL reference

SourceSKILL.md
490- [Next.js Security](https://nextjs.org/docs/security)
low line 491

External URL reference

SourceSKILL.md
491- [Supabase Security](https://supabase.com/docs/guides/auth)
low line 492

External URL reference

SourceSKILL.md
492- [Web Security Academy](https://portswigger.net/web-security)
Scanned on Feb 28, 2026
View Security Dashboard

Install this skill with one command

/learn @davila7/cc-skill-security-review
GitHub Stars 22.3K
Rate this skill
Categorydevelopment
UpdatedMarch 29, 2026
openclawbackendapisecurity-engineerbackend-developerdevops-sresupabaseverceldevelopment
davila7/claude-code-templates