security-review

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

Install with Tessl CLI

npx tessl i github:affaan-m/everything-claude-code --skill security-review

What are skills?

Review — 79%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Validation — 10 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

100%

22%

User Registration API for a Healthcare Platform

Input validation, secrets management, SQL injection prevention, rate limiting

Criteria

Without context

With context

Zod schema import

100%

Email field validation

100%

String field constraints

100%

Secrets from env vars

100%

Env var existence check

100%

.gitignore for env files

100%

Parameterized queries

100%

No SQL string concatenation

100%

Rate limiter applied

100%

Generic error response

100%

No sensitive data logged

100%

Without context: $0.6549 · 16m 7s · 25 turns · 201 in / 10,107 out tokens

With context: $1.0308 · 28m 43s · 31 turns · 2,229 in / 9,925 out tokens

90%

54%

Community Forum with Rich Text Posts in Next.js

XSS prevention, JWT cookie security, CSP headers, CSRF protection

Criteria

Without context

With context

isomorphic-dompurify import

100%

DOMPurify.sanitize called

100%

ALLOWED_TAGS restriction

100%

ALLOWED_ATTR empty

100%

CSP header in next.config

100%

httpOnly cookie for auth

100%

No localStorage for token

100%

SameSite=Strict on cookie

100%

HttpOnly flag on cookie

100%

CSRF token verification

Without context: $0.6865 · 33m 20s · 27 turns · 217 in / 9,757 out tokens

With context: $1.0265 · 51m 50s · 32 turns · 2,052 in / 11,211 out tokens

100%

Automated Deployment Pipeline for a Node.js Microservice on AWS

CI/CD OIDC authentication, secrets scanning, IAM least privilege

Criteria

Without context

With context

OIDC credential action

100%

role-to-assume not static keys

100%

id-token permission

100%

Secrets scanning step

100%

npm ci used

100%

Dependency vulnerability scan

100%

IAM specific actions

100%

IAM specific resources

100%

Minimal workflow permissions

100%

No static credentials in workflow

100%

Without context: $0.3367 · 4m 58s · 15 turns · 113 in / 4,827 out tokens

With context: $0.8373 · 29m 49s · 25 turns · 178 in / 9,253 out tokens

Evaluated: about 23 hours ago
Agent: Claude Code

Table of Contents

User Registration API for a Healthcare Platform Community Forum with Rich Text Posts in Next.js Automated Deployment Pipeline for a Node.js Microservice on AWS

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.