Agent skill

security-lens

Apply security awareness during code review and implementation. Catches common vulnerabilities without requiring full security audit.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/security-lens-malston-claude-config

SKILL.md

Security Awareness Lens

When reviewing or writing code, check for:

Input Handling

  • User input validated before use
  • SQL uses parameterized queries (never string concat)
  • HTML output escaped to prevent XSS
  • File paths validated (no path traversal)

Authentication/Authorization

  • Auth checks at controller level, not just UI
  • Sensitive operations re-verify permissions
  • Session tokens are httpOnly, secure, sameSite

Data Exposure

  • Logs don't contain secrets, tokens, PII
  • Error messages don't leak internal details
  • API responses don't include unnecessary fields

Secrets

  • No hardcoded credentials
  • Secrets from environment/vault, not config files
  • .gitignore covers .env, credentials

See @owasp-quick-ref.md for detailed vulnerability patterns.

Didn't find tool you were looking for?

Be as detailed as possible for better results