Originally forked from affaan-m's collection, this one runs a security checklist whenever you're touching sensitive code like auth, API endpoints, or payment flows. It covers the usual suspects: secrets management, input validation, and third-party integrations. With 430 installs and passing most security audits (Snyk flagged something minor), it's clearly getting used in the wild. The checklist approach is straightforward, maybe a bit basic if you're already security-minded, but helpful as a forcing function to actually think through the threat model before shipping. Good for teams that need consistent security reviews without slowing down too much.
npx skills add https://github.com/davila7/claude-code-templates --skill security-review