
ecc-security-review

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
mworldorg/markdown-memory · ★ 52 · Code & Development · score 83
Install: claude install-skill mworldorg/markdown-memory
<!-- Vendored from ECC (https://github.com/affaan-m/everything-claude-code), MIT © 2026 Affaan Mustafa. See LICENSE & NOTICE.md in this folder. Skill renamed security-review → ecc-security-review to avoid clash with the built-in /security-review command. Content otherwise verbatim. -->

# Security Review Skill

This skill ensures all code follows security best practices and identifies potential vulnerabilities.

## When to Activate

- Implementing authentication or authorization
- Handling user input or file uploads
- Creating new API endpoints
- Working with secrets or credentials
- Implementing payment features
- Storing or transmitting sensitive data
- Integrating third-party APIs

## Security Checklist

### 1. Secrets Management

#### FAIL: NEVER Do This

```typescript
const apiKey = "sk-proj-xxxxx" // Hardcoded secret
const dbPassword = "password123" // In source code
```

#### PASS: ALWAYS Do This

```typescript
const apiKey = process.env.OPENAI_API_KEY
const dbUrl = process.env.DATABASE_URL

// Verify secrets exist before anything uses them; fail fast at startup
if (!apiKey) {
  throw new Error('OPENAI_API_KEY not configured')
}
if (!dbUrl) {
  throw new Error('DATABASE_URL not configured')
}
```

#### Verification Steps

- [ ] No hardcoded API keys, tokens, or passwords
- [ ] All secrets in environment variables
- [ ] `.env.local` in .gitignore
- [ ] No secrets in git history
- [ ] Production secrets in hosting platform (Vercel, Railway)

### 2. Input Validation

#### Always Validate User Input

```typescript
import { z } from 'zod'

// Define validation schema
const CreateUserSche
```
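As an added example that is not part of the original skill, the following TypeScript generalises the PASS pattern from section 1 (Secrets Management) from one variable to a list of required secrets: it rejects empty and placeholder values, reports every missing name in a single startup error without ever including a value, and redacts secrets for logging. The type and function names (`SecretSpec`, `checkSecrets`, `loadSecrets`, `redact`) and the placeholder list are assumptions.

```typescript
// Added example (not part of the original skill): generalises the
// "verify secrets exist" check to a whole set of required variables.
// Names (SecretSpec, checkSecrets, loadSecrets, redact) are assumptions.

interface SecretSpec {
  name: string       // environment variable name, e.g. 'OPENAI_API_KEY'
  minLength?: number // reject values too short to be a real credential
}

interface SecretCheck {
  secrets: { [name: string]: string } // values that passed
  missing: string[]                   // names that are absent or placeholders
}

// Values commonly left behind by templates and example files (assumed list).
const PLACEHOLDERS = ['', 'changeme', 'xxxxx', 'todo', 'replace-me']

// Checks every spec against an env-like object (pass process.env in real use).
function checkSecrets(specs: SecretSpec[], env: { [k: string]: string | undefined }): SecretCheck {
  const result: SecretCheck = { secrets: {}, missing: [] }
  for (const spec of specs) {
    const raw = (env[spec.name] ?? '').trim()
    const placeholder = PLACEHOLDERS.indexOf(raw.toLowerCase()) !== -1
    const tooShort = spec.minLength !== undefined && raw.length < spec.minLength
    if (placeholder || tooShort) {
      result.missing.push(spec.name)
    } else {
      result.secrets[spec.name] = raw
    }
  }
  return result
}

// Fail fast at startup. The error names the variables, never their values,
// so it is safe to surface in logs and crash reports.
function loadSecrets(specs: SecretSpec[], env: { [k: string]: string | undefined }): { [name: string]: string } {
  const check = checkSecrets(specs, env)
  if (check.missing.length > 0) {
    throw new Error('Missing or invalid secrets: ' + check.missing.join(', '))
  }
  return check.secrets
}

// Redacts a secret for log lines, keeping a short prefix so operators can
// tell which key is configured without exposing it; short values are fully masked.
function redact(value: string, keep: number = 4): string {
  const hidden = Math.max(0, value.length - keep)
  const shown = hidden === 0 ? '' : value.slice(0, keep)
  return shown + Array(value.length - shown.length + 1).join('*')
}
```

Call `loadSecrets([...], process.env)` once at process start so a misconfigured deployment fails before it serves a single request.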