skills/aiming-lab/metaclaw/secure-code-review

secure-code-review

SKILL.md

Secure Code Review Checklist

Input Validation:

Never trust user-supplied input; validate type, length, and format at boundaries.
Use parameterized queries — never string-interpolate SQL.
Sanitize before rendering HTML to prevent XSS.

Secrets & Credentials:

No hardcoded passwords, API keys, or tokens in source code.
Use environment variables or a secrets manager.
Check .gitignore before adding any config files.

Dependencies:

Pin dependency versions; audit with pip audit or npm audit.
Minimize surface area: remove unused packages.

Auth:

Verify authorization on every protected endpoint, not just at login.
Use short-lived tokens; implement refresh flows.

Weekly Installs

3

Repository

aiming-lab/metaclaw

GitHub Stars

1.1K

First Seen

1 day ago

Security Audits

Gen Agent Trust HubPass

Installed on

gemini-cli3

claude-code3

github-copilot3

codex3

kimi-cli3

cursor3