Summary
This is a PR review checklist that walks through OWASP Top 10 vulnerabilities with specific patterns for Python/FastAPI and React codebases. You get code-level checks for access control issues, SQL injection, weak crypto, insecure CORS configs, and JWT misconfigurations. It writes findings to a markdown file with severity and line numbers. The examples are practical, like catching missing authorization dependencies or spotting `shell=True` in subprocess calls. It won't help with infrastructure security or incident response, just application code review. If your team reviews security-sensitive PRs and you want a structured audit pattern instead of ad hoc comments, this gives you the runthrough.
Install to Claude Code
npx -y skills add hieutrtr/ai1-skills --skill code-review-security --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
