droids-security-checklist

Description

Security review checklist for code analysis. Use when reviewing code for security vulnerabilities, authentication issues, input validation, or OWASP top 10 concerns.

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Skill Content

Security Review Checklist

Use this checklist when performing security reviews of code changes.

Authentication & Authorization

All endpoints require appropriate authentication
Authorization checks are present and correct
Session management is secure (timeout, regeneration)
Password policies are enforced
Multi-factor authentication where appropriate

Input Validation

All user inputs are validated server-side
Input length limits are enforced
Special characters are properly escaped
File uploads are validated (type, size, content)
URL parameters are validated

Injection Prevention

SQL queries use parameterized statements
NoSQL queries are properly sanitized
Command injection is prevented
LDAP injection is prevented
XPath injection is prevented

XSS Prevention

Output encoding is applied consistently
Content Security Policy headers are set
DOM-based XSS is prevented
Stored XSS is prevented
Reflected XSS is prevented

CSRF Protection

CSRF tokens are used for state-changing operations
SameSite cookie attribute is set
Referer/Origin headers are validated

Sensitive Data

No hardcoded secrets, API keys, or passwords
Sensitive data is encrypted at rest
Sensitive data is encrypted in transit (HTTPS)
PII is handled according to regulations
Logs don't contain sensitive information

Error Handling

Error messages don't expose system details
Stack traces are not shown to users
Errors are logged appropriately
Fail-secure defaults are used

Dependencies

Dependencies are up to date
No known vulnerabilities in dependencies
Minimal dependency footprint

Severity Levels

When reporting issues, use these severity levels:

Level	Description	Example
CRITICAL	Immediate exploitation risk	SQL injection, RCE
HIGH	Significant security impact	Auth bypass, XSS
MEDIUM	Moderate risk with conditions	CSRF, info disclosure
LOW	Minor security concern	Missing headers

Links

GitHub Stats

0 forks

Updated 2 hours ago

Related Skills

api-design-principles

23.1K

Master REST and GraphQL API design principles to build intuitive, scalable, and maintainable APIs that delight developers. Use when designing new APIs, reviewing API specifications, or establishing API design standards.

From backend-development

screen-reader-testing

23.1K

Test web applications with screen readers including VoiceOver, NVDA, and JAWS. Use when validating screen reader compatibility, debugging accessibility issues, or ensuring assistive technology support.

From accessibility-compliance

wcag-audit-patterns

23.1K

Conduct WCAG 2.2 accessibility audits with automated testing, manual verification, and remediation guidance. Use when auditing websites for accessibility, fixing WCAG violations, or implementing accessible design patterns.

From accessibility-compliance