Skip to main content

Cc Skill Security Review

Ensures code adheres to security best practices, identifying vulnerabilities in authentication, user input, and sensitive data handling.

Install this skill

or
62/100

Security score

The Cc Skill Security Review skill was audited on Mar 7, 2026 and we found 18 security issues across 5 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 117

Template literal with variable interpolation in command context

SourceSKILL.md
117const query = `SELECT * FROM users WHERE email = '${userEmail}'`
medium line 151

Template literal with variable interpolation in command context

SourceSKILL.md
151`token=${token}; HttpOnly; Secure; SameSite=Strict; Max-Age=3600`)
medium line 260

Template literal with variable interpolation in command context

SourceSKILL.md
260`session=${sessionId}; HttpOnly; Secure; SameSite=Strict`)
medium line 440

Template literal with variable interpolation in command context

SourceSKILL.md
440headers: { Authorization: `Bearer ${userToken}` }
low line 433

Fetch to external URL

SourceSKILL.md
433const response = await fetch('/api/protected')
low line 439

Fetch to external URL

SourceSKILL.md
439const response = await fetch('/api/admin', {
low line 447

Fetch to external URL

SourceSKILL.md
447const response = await fetch('/api/users', {
low line 457

Fetch to external URL

SourceSKILL.md
457fetch('/api/endpoint')
low line 36

Access to .env file

SourceSKILL.md
36const apiKey = process.env.OPENAI_API_KEY
low line 37

Access to .env file

SourceSKILL.md
37const dbUrl = process.env.DATABASE_URL
medium line 48

Access to .env file

SourceSKILL.md
48- [ ] `.env.local` in .gitignore
low line 355

Buffer.from base64 decode

SourceSKILL.md
355Buffer.from(signature, 'base64'),
low line 356

Buffer.from base64 decode

SourceSKILL.md
356Buffer.from(publicKey, 'base64')
low line 225

External URL reference

SourceSKILL.md
225connect-src 'self' https://api.example.com;
low line 491

External URL reference

SourceSKILL.md
491- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
low line 492

External URL reference

SourceSKILL.md
492- [Next.js Security](https://nextjs.org/docs/security)
low line 493

External URL reference

SourceSKILL.md
493- [Supabase Security](https://supabase.com/docs/guides/auth)
low line 494

External URL reference

SourceSKILL.md
494- [Web Security Academy](https://portswigger.net/web-security)
Scanned on Mar 7, 2026
View Security Dashboard

Install this skill with one command

/learn @mayurrathi/cc-skill-security-review
GitHub Stars 1
Rate this skill
Categorydevelopment
UpdatedMarch 29, 2026
openclawbackendapibackend-developerdevops-sresecurity-engineerproduct-managertechnical-pmsupabaseverceldevelopmentproduct
mayurrathi/awesome-agent-skills