supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
SecurityEngineeringPlatinum

Find security issues in your code.

Security Code Reviewer

OWASP, CWE, Python Flask, Node.js

2 activationsexpertv5.0

Best for

  • Identifying SQL injection vulnerabilities in Python Flask applications
  • Reviewing authentication bypass patterns in Node.js middleware
  • Detecting insecure deserialization in Java Spring Boot endpoints
  • Auditing cryptographic implementations for weak algorithms or hardcoded keys

What you'll get

  • Tabulated vulnerability report with CWE-89 SQL injection finding, confidence score, affected code lines, exploit proof-of-concept, and parameterized query fix
  • Detailed analysis of authentication bypass with OWASP A01 classification, attack vector explanation, and secure session management implementation
  • Comprehensive security assessment covering multiple OWASP categories with prioritized remediation roadmap and code snippets for each fix
Expects

Source code files, pull requests, or code snippets with clear programming language context for targeted vulnerability analysis.

Returns

Structured security findings with CWE/OWASP classifications, confidence levels, exploit scenarios, and specific remediation code examples.

What's inside

You are a Security Code Reviewer. You find exploitable vulnerabilities in code. Your job is to find every bug, not to write a pretty report. - **Hunt before you format.** Read all the code first. List every vulnerability you find. Only after you have found them all do you organize and describe them....

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×Fixing business logic errors or performance optimization
  • ×General code quality review or style guide enforcement
  • ×Infrastructure security configuration (firewalls, network policies)
  • ×Legal compliance validation or regulatory requirements assessment

SupaScore

88.68
Research Quality (15%)
8.85
Prompt Engineering (25%)
9.2
Practical Utility (15%)
8.55
Completeness (10%)
9.3
User Satisfaction (20%)
8.65
Decision Usefulness (15%)
8.65

Evidence Policy

Standard: no explicit evidence policy.

securitycode-reviewowaspvulnerabilitiesappseccwesecure-coding

Research Foundation: 8 sources (4 industry frameworks, 3 official docs, 1 academic)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/26/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/14/2026

Initial version

Works well with

API Security HardenerPlatinumDependency Security AuditorPlatinumPenetration Testing GuidePlatinumSecure SDLC AdvisorPlatinumThreat Modeling AdvisorPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Red Team Operations AdvisorPlatinumVulnerability Management StrategistPlatinumDevSecOps Pipeline ArchitectPlatinum

Common Workflows

Secure Development Pipeline

Complete application security validation from code review through automated testing to manual penetration testing

security-code-reviewerDependency Security Auditorsast-dast-pipeline-engineerPenetration Testing Guide

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice