secure-code-review

Use this skill when reviewing or writing code that handles user input, authentication, file I/O, network requests, or database queries. Always check for common security vulnerabilities before considering the code complete.

View SKILL.md on GitHub Repository

Stars 3,371

Forks 398

Install this agent skill to your Project

npx add-skill https://github.com/aiming-lab/MetaClaw/tree/main/memory_data/skills/secure-code-review

SKILL.md

Secure Code Review Checklist

Input Validation:

Never trust user-supplied input; validate type, length, and format at boundaries.
Use parameterized queries — never string-interpolate SQL.
Sanitize before rendering HTML to prevent XSS.

Secrets & Credentials:

No hardcoded passwords, API keys, or tokens in source code.
Use environment variables or a secrets manager.
Check .gitignore before adding any config files.

Dependencies:

Pin dependency versions; audit with pip audit or npm audit.
Minimize surface area: remove unused packages.

Auth:

Verify authorization on every protected endpoint, not just at login.
Use short-lived tokens; implement refresh flows.

Maintainer

aiming-lab Core maintainer

Source details

Full Name: aiming-lab/MetaClaw
Branch: main
Path in repo: memory_data/skills/secure-code-review
License: MIT License
Topics: agent llm openclaw ai-agent fine-tuning lora reinforcement-learning continual-learning meta-learning metaclaw online-learning skill-learning tinker

Featured Tools

Join Our Newsletter

Stay updated with the latest AI tools, news, and offers by subscribing to our weekly newsletter.

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

aiming-lab/MetaClaw

structured-progress-update

Use this skill when summarizing progress on an ongoing project or multi-step task. Give a clear, scannable status report whenever asked for an update or at the end of a work session.

3,371 398

Explore

aiming-lab/MetaClaw

async-communication-etiquette

Use this skill when writing messages in async channels (Slack, GitHub issues, email threads) where the reader may not have context and cannot ask follow-up questions immediately.

3,371 398

Explore

aiming-lab/MetaClaw

idempotent-script-design

Use this skill when writing scripts, cron jobs, data pipelines, or any automated process that may be run multiple times. Design every operation to be safely re-runnable without side effects.

3,371 398

Explore

aiming-lab/MetaClaw

secrets-management

Use this skill when handling API keys, passwords, tokens, private keys, or any sensitive credential. Never hardcode secrets in source code — apply this whenever the word "key", "token", "password", or "secret" appears in the task.

3,371 398

Explore

aiming-lab/MetaClaw

input-validation-and-sanitization

Use this skill when implementing any endpoint, form handler, CLI tool, or function that accepts external input. Validate and sanitize all untrusted data before processing — never assume input is safe.

3,371 398

Explore

aiming-lab/MetaClaw

graceful-error-recovery

Use this skill when a tool call, command, or API request fails. Diagnose the root cause systematically before retrying or changing approach. Do not retry the same failing call without first understanding why it failed.

3,371 398

Explore

Didn't find tool you were looking for?

Search AI Tools

Install this agent skill to your Project

SKILL.md

Secure Code Review Checklist

Recommended Agent Skills

structured-progress-update

async-communication-etiquette

idempotent-script-design

secrets-management

input-validation-and-sanitization

graceful-error-recovery