This is your security reviewer for React, Next.js, and NestJS apps. It covers the practical stuff: authentication patterns with JWT and OAuth, authorization with RBAC, input validation with DTOs, and security headers like CSP and HSTS. The OWASP Top 10 quick reference is genuinely useful for code reviews. It'll check your project's CLAUDE.md and .agents/memory for existing security rules before making recommendations, which is smart. The checklists are thorough without being preachy. Treat this as a second pair of eyes that actually knows the difference between bcrypt and base64, not as a replacement for thinking through your threat model.
npx skills add https://github.com/shipshitdev/library --skill security-expert