e2ec-it/crush/skills/ecc-security-review
crush/skills/ecc-security-review/SKILL.md
# ECC Security Review Checklist: - Input validation and output encoding - AuthN/AuthZ boundaries (who can call what) - Secrets: no hardcoded tokens/keys; env vars only - Dependency risk: check lockfile changes; prefer pinned versions - SSRF / RCE vectors (URLs, file paths, shells) - SQL/NoSQL injection checks Deliver: - Top risks + severity - Concrete mitigations - Tests for the highest-risk paths
development
Updated Apr 21, 2026
$ install --global
skillsauthnpx skillsauth add e2ec-it/pub-xifan-crush-best-practices crush/skills/ecc-security-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 21, 2026, 6:31 PM181.6s1 file scanned
SKILL.md
ECC Security Review
Checklist:
- Input validation and output encoding
- AuthN/AuthZ boundaries (who can call what)
- Secrets: no hardcoded tokens/keys; env vars only
- Dependency risk: check lockfile changes; prefer pinned versions
- SSRF / RCE vectors (URLs, file paths, shells)
- SQL/NoSQL injection checks
Deliver:
- Top risks + severity
- Concrete mitigations
- Tests for the highest-risk paths
Related Skills
e2ec-it/sp-writing-plans
content-media
VerifiedTrustedCommunity
SUPERPOWERS-style implementation planning: turn an approved design into 2–5 minute tasks with exact file paths, commands, verifications, and frequent commits.
SKILL.mdUpdated Apr 21, 2026
e2ec-it/sp-tdd
development
VerifiedTrustedCommunity
SUPERPOWERS TDD enforcement: NO production code without a failing test first. Delete code written before tests.
SKILL.mdUpdated Apr 21, 2026
e2ec-it/sp-subagent-dev
development
VerifiedTrustedCommunity
Execute plan per task with role separation and review loops (spec then quality). In Crush, simulate subagents via role prompts / new sessions.
SKILL.mdUpdated Apr 21, 2026
e2ec-it/sp-request-code-review
development
VerifiedTrustedCommunity
Request review between tasks and before merge. Use git SHAs to scope changes and produce actionable findings.
SKILL.mdUpdated Apr 21, 2026