aiming-lab/secure-code-review
memory_data/skills/secure-code-review/SKILL.md
Use this skill when reviewing or writing code that handles user input, authentication, file I/O, network requests, or database queries. Always check for common security vulnerabilities before considering the code complete.
$ install --global
skillsauthnpx skillsauth add aiming-lab/metaclaw secure-code-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 28, 2026, 2:58 PM36.0s1 file scanned
SKILL.md
- name:
- secure-code-review
- description:
- Use this skill when reviewing or writing code that handles user input, authentication, file I/O, network requests, or database queries. Always check for common security vulnerabilities before considering the code complete.
- category:
- coding
Secure Code Review Checklist
Input Validation:
- Never trust user-supplied input; validate type, length, and format at boundaries.
- Use parameterized queries — never string-interpolate SQL.
- Sanitize before rendering HTML to prevent XSS.
Secrets & Credentials:
- No hardcoded passwords, API keys, or tokens in source code.
- Use environment variables or a secrets manager.
- Check
.gitignorebefore adding any config files.
Dependencies:
- Pin dependency versions; audit with
pip auditornpm audit. - Minimize surface area: remove unused packages.
Auth:
- Verify authorization on every protected endpoint, not just at login.
- Use short-lived tokens; implement refresh flows.
Related Skills
aiming-lab/visualization-selection
development
VerifiedTrustedCommunity
Use this skill when creating charts, plots, or dashboards. Choose the visualization type that best communicates the data relationship before writing any plotting code.
2,755SKILL.mdUpdated Mar 27, 2026
aiming-lab/verify-before-irreversible-action
testing
VerifiedTrustedCommunity
Use this skill before taking any action that is hard to reverse — deleting files, overwriting data, sending messages, pushing to remote, modifying production systems. Always pause, state what you are about to do, and confirm before executing.
2,755SKILL.mdUpdated Mar 27, 2026
aiming-lab/uncertainty-acknowledgment
research
VerifiedTrustedCommunity
Use this skill when you are not sure about a fact, have outdated knowledge, or the question is contested. Explicitly communicate the level of confidence instead of asserting uncertain things as fact.
2,755SKILL.mdUpdated Mar 27, 2026
aiming-lab/tool-selection-strategy
tools
VerifiedTrustedCommunity
Use this skill when deciding which tools to call in an agentic workflow. Always choose the minimal, most direct tool for each step and avoid redundant or speculative tool calls.
2,755SKILL.mdUpdated Mar 27, 2026