ReddRadar
Agent skill
security-scan
Proactive security scanning. Triggers when modifying auth, API endpoints, user data, or sensitive operations.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/security-scan
SKILL.md
Security Scan Skill
Automatically scans for security issues when security-sensitive code is modified.
When to Activate
This skill should activate when:
- Changes touch authentication or authorization
- New API endpoints are added
- User input handling is modified
- Database queries are added/modified
- File uploads or storage operations
- Payment or financial operations
Security Checklist
1. Authentication & Authorization
- Auth middleware applied to protected routes
- Firebase Auth tokens properly validated
- User can only access their own data
- Admin endpoints properly restricted
2. Input Validation
- All user inputs validated
- Request body size limits
- File upload type/size restrictions
- Path traversal prevention
3. Data Protection
- No sensitive data in logs
- No secrets in code
- PII properly handled
- Signed URLs used for private files
4. API Security
- Rate limiting considered
- CORS properly configured
- Error messages don't leak info
- Proper HTTP status codes
5. Firebase/Firestore Security
- Security rules updated for new collections
- Rules tested with Firebase emulator
- No wildcard read/write rules
- Proper field-level validation
OWASP Top 10 Quick Check
- Injection - Parameterized queries?
- Broken Auth - Session management secure?
- Sensitive Data - Encrypted at rest/transit?
- XXE - XML parsing disabled/secured?
- Broken Access Control - Authorization checked?
- Misconfiguration - Default configs changed?
- XSS - Output encoded?
- Deserialization - Untrusted data validated?
- Components - Dependencies up to date?
- Logging - Security events logged?
Platform-Specific Checks
Backend (Go)
# Run security scan
cd backend && make security-scan
# Check for vulnerabilities
cd backend && make vuln-check
Web (Next.js)
# Check npm vulnerabilities
cd web && npm audit
# Check for secrets
grep -r "api_key\|secret\|password" web/src/
Output Format
## Security Scan Results
### Critical Vulnerabilities
- [Immediate action required]
### High Risk Issues
- [Should be fixed before deploy]
### Medium Risk Issues
- [Should be addressed soon]
### Recommendations
- [Security best practices]
Reference
See docs/SECURITY.md for detailed security requirements.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?