Workflow Code Review

Security-Focused Review

Review workflow specifically targeting security vulnerabilities

CLAUDE.md

When performing a security review:

  1. Check all user inputs: are they validated and sanitized at the boundary?
  2. Check database queries: are they parameterized? Any string interpolation in SQL?
  3. Check output rendering: is dynamic content escaped? Any use of innerHTML or dangerouslySetInnerHTML?
  4. Check authentication: does every protected endpoint verify auth? Are tokens validated correctly?
  5. Check authorization: does the code verify the user has permission for the specific resource, not just that they’re logged in?
  6. Check secrets: are there hardcoded keys, tokens, or passwords? Are secrets logged anywhere?
  7. Check dependencies: are there known vulnerabilities in new or updated packages?
  8. Check error responses: do they leak stack traces, internal paths, or system details?

Copy this workflow into your CLAUDE.md or agent config file so your agent follows this process automatically.
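To make checks 1, 2 and 5 concrete, here is an added example (not part of the workflow above, and not from any project) showing what a reviewer following this list flags versus what passes: a document lookup that builds SQL by string interpolation and only verifies that someone is logged in, beside a version that validates the id at the boundary, parameterizes the query, and scopes the result to the requesting user. The table, users and document bodies are constructed fixtures.

```python
import sqlite3


def make_db():
    """Constructed in-memory fixture: two users, each owning one document."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (id INTEGER, owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "alice", "alice's notes"), (2, "bob", "bob's notes")],
    )
    return db


def get_document_vulnerable(db, current_user, raw_doc_id):
    """What the review should flag.

    Check 2: the id is interpolated straight into the SQL string.
    Check 5: only 'is someone logged in' is verified, never 'does this
    user own this document', so any authenticated user can read any row.
    """
    if current_user is None:
        raise PermissionError("login required")
    rows = db.execute(
        f"SELECT body FROM documents WHERE id = {raw_doc_id}"
    ).fetchall()
    return sorted(r[0] for r in rows)


def get_document_hardened(db, current_user, raw_doc_id):
    """What passes the review."""
    if current_user is None:
        raise PermissionError("login required")
    try:
        doc_id = int(raw_doc_id)  # check 1: validate at the boundary
    except (TypeError, ValueError):
        raise ValueError("doc_id must be an integer")
    rows = db.execute(
        # check 2: bound parameter; check 5: owner is part of the predicate
        "SELECT body FROM documents WHERE id = ? AND owner = ?",
        (doc_id, current_user),
    ).fetchall()
    return sorted(r[0] for r in rows)


def rejects(fn, *args):
    """True if fn refuses these arguments with a validation or auth error."""
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False
```

Running both against the fixture shows the difference: the interpolated query returns every row for a crafted id and hands alice bob's document for id 2, while the hardened version rejects the non-integer id and returns nothing for a document alice does not own.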
