security-review
# Security Review

Comprehensive security audit for the MuRP codebase.
## Security Checklist

### Authentication & Authorization
- No hardcoded credentials
- API keys only in environment variables
- Proper token handling
- RLS policies on Supabase tables
### Data Protection
- No sensitive data in logs
- PII properly handled
- Encryption for sensitive fields
- Input sanitization
### API Security
- SQL injection prevention (parameterized queries)
- XSS protection
- CSRF tokens where needed
- Rate limiting configured
### Dependencies
- Run `npm audit` - Check for known vulnerabilities
- Verify dependency integrity
### Infrastructure
- Environment variables not exposed to frontend
- Edge functions use proper auth
- Webhook endpoints validated
## Scan Commands

```bash
# Check for hardcoded secrets (prefix/assignment heuristics; expect some false positives).
# node_modules is excluded so third-party code does not drown out the project's own files.
grep -rn "sk_" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules .
grep -rn "password.*=" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules .

# Check npm vulnerabilities
npm audit

# Check for console.log with sensitive data.
# The alternation is grouped so only console.log lines match, not every line containing "password" or "secret".
grep -rn "console\.log.*\(token\|password\|secret\)" --include="*.ts" --include="*.tsx" --exclude-dir=node_modules .
```
## Report Format
| Severity | File | Issue | Remediation |
|---|---|---|---|
| Critical | path | desc | fix |
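The scan heuristics and the report table above, combined into one script that prints a row per finding. This is an added example, not code from the skill or the MuRP repository; it assumes POSIX sh with a grep that supports `-E`, `--include` and `--exclude-dir` (GNU or BSD grep), and the sample files it scans are constructed here with placeholder values.

```shell
#!/bin/sh
# Added example, not part of the skill: runs the three scan heuristics above over a
# source tree and prints findings in the skill's report-table format.
# Assumes POSIX sh plus grep with -E, --include and --exclude-dir (GNU or BSD grep).

# scan_tree DIR: one table row per match; node_modules and dist are skipped.
scan_tree() {
    dir=$1
    printf '%s\n' '| Severity | File | Issue | Remediation |' '|---|---|---|---|'
    # Rules are severity@regex@issue@remediation ('@' because the regexes contain '|').
    while IFS='@' read -r sev regex issue fix; do
        grep -rnE --include='*.ts' --include='*.tsx' \
            --exclude-dir=node_modules --exclude-dir=dist -e "$regex" "$dir" 2>/dev/null |
        while IFS=: read -r file line _; do
            printf '| %s | %s:%s | %s | %s |\n' "$sev" "${file#"$dir"/}" "$line" "$issue" "$fix"
        done
    done <<'EOF'
Critical@sk_[A-Za-z0-9_]{8,}@Possible hardcoded API key (sk_ prefix)@Move it to an environment variable and rotate the key
High@password[[:space:]]*[=:][[:space:]]*["'][^"']+["']@Hardcoded password literal@Read it from configuration or a secrets manager
Medium@console\.log\(.*(token|password|secret)@Sensitive value written to logs@Remove or redact the value before logging
EOF
}

# finding_count DIR: number of finding rows (header rows excluded).
finding_count() {
    scan_tree "$1" | awk '/^\| (Critical|High|Medium) \|/ { n++ } END { print n + 0 }'
}

# make_sample_tree DIR: constructed sample sources for the demo; all values are placeholders.
make_sample_tree() {
    dir=$1
    mkdir -p "$dir/src" "$dir/node_modules/pkg"
    printf '%s\n' \
        'export const apiKey = "sk_test_PLACEHOLDER_000";' \
        'const password = "not-a-real-password";' \
        'const passwordMinLength = 12;' > "$dir/src/config.ts"
    printf '%s\n' \
        'console.log("session token:", token);' \
        'console.log("login ok");' > "$dir/src/auth.tsx"
    printf '%s\n' 'const password = "ignored";' > "$dir/node_modules/pkg/index.ts"
}

# Demo: expect 3 rows (Critical, High, Medium); the node_modules file is skipped.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
scan_tree "$demo_dir"
rm -rf "$demo_dir"
```

The `passwordMinLength = 12` line and the `login ok` log line show what the tightened patterns deliberately leave out; the original `password.*=` grep would have flagged the first of them.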
## Trigger Phrases
- "security review"
- "security audit"
- "check for vulnerabilities"
- "/security-review"