
code-review-security

hieutrtr/ai1-skills

Security-focused code review checklist and automated scanning patterns. Use when reviewing pull requests for security issues, auditing authentication/authorization code, checking for OWASP Top 10 vulnerabilities, or validating input sanitization. Covers SQL injection prevention, XSS protection, CSRF tokens, authentication flow review, secrets detection, dependency vulnerability scanning, and secure coding patterns for Python (FastAPI) and React. Does NOT cover deployment security (use docker-best-practices) or incident handling (use incident-response).

44 Installs · 2 Trend · @hieutrtr

Installation

$ npx skills add https://github.com/hieutrtr/ai1-skills --skill code-review-security

SKILL.md

Review every PR against the OWASP Top 10 (2021 edition). Each category below includes specific checks for Python/FastAPI and React codebases.

| Dangerous pattern | Risk | Safe alternative |
|---|---|---|
| `eval(user_input)` | Remote code execution | Remove, or use `ast.literal_eval` (literals only) |
| `pickle.loads(data)` | Arbitrary code execution | Use JSON or msgpack |
| `subprocess.run(cmd, shell=True)` | Command injection | Pass args as a list, `shell=False` |
| `yaml.load(data)` | Code execution | Use `yaml.safe_load(data)` |
| `os.system(cmd)` | Command injection | Use `subprocess.run([...])` |
| Raw SQL strings | SQL injection | Use an ORM or parameterized queries |
| `hashlib.md5(password)` | Weak hashing | Use bcrypt via passlib |
| `jwt.decode(token, options={"verify_signature": False})` | Auth bypass | Always verify the signature |
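The table above is a checklist a reviewer reads by eye; the same rows can be turned into an automated scan. The following is an added example (not code from the skill or the hieutrtr/ai1-skills repository): a standard-library `ast` scanner that flags each row of the table in Python source and reports the fix the table recommends. It generalizes slightly beyond the table: it also catches `subprocess.Popen`/`call`/`check_call`/`check_output` with `shell=True`, `hashlib.sha1` alongside `md5`, `yaml.load` with any loader other than `SafeLoader`/`CSafeLoader`, and SQL built with f-strings, `+`, `%` or `.format()` passed to an `execute()`/`executemany()` method. The source it scans (`SAMPLE_SOURCE`) is constructed for the demonstration and is not a real project file.

```python
"""AST scanner for the dangerous Python patterns in the review table.

Added example, not code from hieutrtr/ai1-skills. Standard library only; the
source it scans (SAMPLE_SOURCE) is constructed here for illustration.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

SHELL_WRAPPERS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                  "subprocess.check_call", "subprocess.check_output"}
SAFE_YAML_LOADERS = {"yaml.SafeLoader", "yaml.CSafeLoader"}


@dataclass(frozen=True)
class Finding:
    line: int
    pattern: str
    fix: str


def _dotted(node: ast.AST | None) -> str:
    """'a.b.c' for a Name/Attribute chain, '' for anything else (or None)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _kwarg(call: ast.Call, name: str) -> ast.AST | None:
    """Value node of keyword argument `name`, or None if absent."""
    return next((kw.value for kw in call.keywords if kw.arg == name), None)


def _is_const(node: ast.AST | None, value: object) -> bool:
    """True if node is a literal equal to `value` (type-exact, so True != 1)."""
    return (isinstance(node, ast.Constant)
            and type(node.value) is type(value) and node.value == value)


def _check_call(call: ast.Call) -> Finding | None:
    name, ln = _dotted(call.func), call.lineno
    if name == "eval":
        return Finding(ln, "eval() on untrusted input", "ast.literal_eval()")
    if name == "pickle.loads":
        return Finding(ln, "pickle.loads() deserialisation", "JSON or msgpack")
    if name in SHELL_WRAPPERS and _is_const(_kwarg(call, "shell"), True):
        return Finding(ln, "subprocess with shell=True", "argument list, shell=False")
    if name == "os.system":
        return Finding(ln, "os.system()", "subprocess.run([...])")
    if name == "yaml.load" and _dotted(_kwarg(call, "Loader")) not in SAFE_YAML_LOADERS:
        return Finding(ln, "yaml.load() without SafeLoader", "yaml.safe_load()")
    if name in ("hashlib.md5", "hashlib.sha1"):
        return Finding(ln, f"{name}() for passwords", "bcrypt via passlib")
    if name == "jwt.decode":
        opts = _kwarg(call, "options")
        if isinstance(opts, ast.Dict):
            for key, val in zip(opts.keys, opts.values):
                if _is_const(key, "verify_signature") and _is_const(val, False):
                    return Finding(ln, "jwt.decode() with verify_signature=False",
                                   "verify the signature")
    # Raw SQL: an execute()/executemany() whose statement is built by formatting.
    if (isinstance(call.func, ast.Attribute)
            and call.func.attr in ("execute", "executemany") and call.args):
        stmt = call.args[0]
        formatted = isinstance(stmt, (ast.JoinedStr, ast.BinOp)) or (
            isinstance(stmt, ast.Call) and isinstance(stmt.func, ast.Attribute)
            and stmt.func.attr == "format")
        if formatted:
            return Finding(ln, "SQL built by string formatting", "parameterized query or ORM")
    return None


def scan_source(source: str) -> list[Finding]:
    """Parse `source` and return findings sorted by line number."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            f = _check_call(node)
            if f is not None:
                findings.append(f)
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: every table row once, each paired with its safe form where one exists.
SAMPLE_SOURCE = """\
import hashlib, os, pickle, subprocess, yaml, jwt
def handler(user_input, data, token, cur, name, key):
    eval(user_input)
    obj = pickle.loads(data)
    subprocess.run("ls " + user_input, shell=True)
    subprocess.run(["ls", user_input])
    cfg = yaml.load(data)
    safe_cfg = yaml.load(data, Loader=yaml.SafeLoader)
    os.system("rm " + name)
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
    digest = hashlib.md5(user_input.encode()).hexdigest()
    claims = jwt.decode(token, options={"verify_signature": False})
    ok = jwt.decode(token, key, algorithms=["HS256"])
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.pattern} -> use {f.fix}")
```

Run it on a real file with `scan_source(open(path).read())`. The scanner matches dotted names syntactically, so it misses aliased imports (`from yaml import load as yl`) and SQL strings assembled in one place and executed in another; treat it as a fast PR gate rather than a replacement for a full SAST tool, and keep the reviewer's eye on the table for anything it cannot see.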


Facts (cite-ready)

Stable fields and commands for AI/search citations.

Install command
npx skills add https://github.com/hieutrtr/ai1-skills --skill code-review-security
Category
Security
Verified
First Seen
2026-02-05
Updated
2026-02-18

Quick answers

What is code-review-security?

A security-focused code review checklist with automated scanning patterns for Python (FastAPI) and React codebases, published in hieutrtr/ai1-skills; see the full description above for what it covers and what it leaves to the docker-best-practices and incident-response skills.

How do I install code-review-security?

Open your terminal (Terminal, iTerm, Windows Terminal, etc.) and run: npx skills add https://github.com/hieutrtr/ai1-skills --skill code-review-security. Once installed, the skill is configured in your AI coding environment and ready to use in Claude Code or Cursor.

Where is the source repository?

https://github.com/hieutrtr/ai1-skills