陌讯skills聚合平台

security_audit

📁 cityfish91159/maihouses 📅 Jan 25, 2026
15
总安装量
3
周安装量
#21875
全站排名
安装命令
npx skills add https://github.com/cityfish91159/maihouses --skill security_audit

Agent 安装分布

opencode 3
codex 3
claude-code 2
antigravity 2
gemini-cli 2
windsurf 1

Skill 文档

Security Audit Protocol

1. Critical “Guard” Files

WARNING: The following files are OFF-LIMITS for modification without explicit user approval.

  • scripts/ai-diff-gate.ts
  • .github/workflows/**
  • Any file with midlaw or policy in the name.

2. Database Security (Supabase)

  • RLS (Row Level Security):
    • EVERY table must have RLS enabled.
    • Policies must explicitly define USING and WITH CHECK clauses.
    • NEVER use service_role key in frontend client code.
  • SQL Injection:
    • Use parameterized queries or ORM methods (Supabase JS client) only.
    • Avoid raw SQL string concatenation.

3. API Security

  • Authentication:
    • Verify user exists in req (usually populated by middleware/auth helper).
    • Check permissions before performing actions (e.g. checkPermission(user.id, 'post.create')).
  • Input Validation:
    • Validate ALL inputs using zod schemas.
    • Sanitize HTML inputs if rendering user content (use DOMPurify).

4. Audit Checklist

  • Are guards/policies untouched?
  • Is RLS enabled and tested?
  • Is input validation (zod) in place?
  • Are no secrets committed to code?
  • Did I run /security-review (if available) or manual check?
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。