ReddRadar
Agent skill
security-pr-checklist-skill
Creates repeatable security review checklist for PRs with required checks, common pitfalls, and automated gating. Use for "security review", "PR checklist", "code review", or "security gates".
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/development/security-pr-checklist-skill
SKILL.md
Security PR Checklist Skill
Standardized security review for pull requests.
PR Security Checklist
## Security Review Checklist
### Authentication & Authorization
- [ ] No hardcoded credentials
- [ ] Authorization checks on all endpoints
- [ ] Session management secure
- [ ] Rate limiting on auth endpoints
### Input Validation
- [ ] All inputs validated
- [ ] Output properly encoded
- [ ] No SQL injection risks
- [ ] No XSS vulnerabilities
### Data Protection
- [ ] Sensitive data encrypted at rest
- [ ] HTTPS enforced
- [ ] No PII in logs
- [ ] Secure cookie configuration
### Dependencies
- [ ] No new high/critical vulnerabilities
- [ ] Dependencies up to date
- [ ] No suspicious packages
### Secrets Management
- [ ] No secrets in code
- [ ] Environment variables used
- [ ] .env files in .gitignore
### Error Handling
- [ ] No sensitive info in errors
- [ ] Generic error messages
- [ ] Proper logging
Output Checklist
- PR template created
- Required security checks
- Common pitfalls documented
- Automated checks in CI
- Review guidelines ENDFILE
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?