This skill runs systematic security audits on TypeScript and Node.js codebases, checking for OWASP Top 10 issues like XSS, injection flaws, and auth problems. It works through a structured checklist: scanning for hardcoded secrets, verifying JWT configurations, checking that all database queries are parameterized, confirming input validation schemas exist for every endpoint, and running npm audit for dependency CVEs. The output is a severity-ranked report with code examples showing both vulnerable and fixed versions. Use it before production deploys, when reviewing auth implementations, or when you need to validate Express, NestJS, or Next.js security configurations. The checkpoint system keeps the review methodical rather than surface-level.
npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill typescript-security-review
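
Two of the checklist items described above (hardcoded secrets and non-parameterized queries) sketched as line-based heuristics that return a severity-ranked list. This is an added example, not the skill's own code; the rule names, regex patterns and sample source are assumptions constructed for illustration.

```typescript
// Added illustration, not the skill's implementation. Rule names and patterns
// are assumptions; line-based regexes miss multi-line and indirect cases.
type Severity = "critical" | "high";
interface Finding { line: number; rule: string; severity: Severity }

const RULES: { rule: string; severity: Severity; pattern: RegExp }[] = [
  // Secret-looking identifier assigned a string literal of 8+ characters.
  { rule: "hardcoded-secret", severity: "critical",
    pattern: /\b\w*(secret|password|passwd|api_?key|token)\w*\s*[:=]\s*["'`][^"'`$]{8,}["'`]/i },
  // query()/execute() whose first argument is a template literal using ${...}.
  { rule: "sql-template-interpolation", severity: "high",
    pattern: /\.(query|execute)\(\s*`[^`]*\$\{/ },
  // query()/execute() whose first argument is a string literal followed by +.
  { rule: "sql-string-concat", severity: "high",
    pattern: /\.(query|execute)\(\s*("[^"]*"|'[^']*')\s*\+/ },
];

function scanSource(source: string): Finding[] {
  const rank: Record<Severity, number> = { critical: 0, high: 1 };
  const findings: Finding[] = [];
  source.split("\n").forEach((text, i) => {
    if (/^\s*\/\//.test(text)) return; // skip comment-only lines
    for (const { rule, severity, pattern } of RULES) {
      if (pattern.test(text)) findings.push({ line: i + 1, rule, severity });
    }
  });
  // Severity-ranked report: critical first, then by line number.
  return findings.sort((a, b) => rank[a.severity] - rank[b.severity] || a.line - b.line);
}

// Constructed sample input (not from any real project).
const SAMPLE = [
  "const dbPassword = process.env.DB_PASSWORD;",
  "await db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);",
  'await db.query("SELECT * FROM users WHERE id = $1", [req.params.id]);',
  'const jwtSecret = "constructed-example-value";',
  'await db.execute("DELETE FROM sessions WHERE user_id = " + userId);',
].join("\n");

console.log(scanSource(SAMPLE));
```

The environment-variable lookup and the `$1` placeholder query produce no findings, which is the fixed form each flagged line should be rewritten into.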