Run any Skill in Manus with one click

$pwd:

security-check

Name: Security Check
Author: Melvynx

// This skill should be used when reviewing server actions, API routes, or pages for security. Use when the user asks to "security check", "review security", "audit code", or mentions authentication, authorization, permissions, or access control validation.

Run Skill in Manus

$ git log --oneline --stat

stars:0

forks:0

updated:January 18, 2026 at 05:40

File Explorer

5 files

SKILL.md

readonly

name	security-check
description	This skill should be used when reviewing server actions, API routes, or pages for security. Use when the user asks to "security check", "review security", "audit code", or mentions authentication, authorization, permissions, or access control validation.

Validate security patterns in NowTS codebase. Ensures server actions, API routes, and pages follow proper authentication and authorization patterns using Better Auth.

<quick_start> When reviewing code for security:

Identify the code type - Server action (.action.ts), API route (route.ts), or page (page.tsx)
Read the appropriate reference - Load the matching reference file
Check against patterns - Validate the code follows required security patterns
Report issues - List any security violations found

1. Read `references/server-action.md` when reviewing `.action.ts` files 2. Read `references/api-route.md` when reviewing `app/api/` routes 3. Read `references/page-server.md` when reviewing pages or layouts 4. Read `references/prisma-query.md` when reviewing ANY Prisma queries (CRITICAL)

<security_levels> Four security levels in this codebase:

Level	Server Action	API Route	Description
Public	`action`	`route`	No auth required
Authenticated	`authAction`	`authRoute`	User must be logged in
Organization	`orgAction`	`orgRoute`	User must be org member
Admin	`adminAction`	-	User must have admin role
</security_levels>

<common_violations> Critical issues to check:

Missing auth - Public action/route handling sensitive data
Missing org validation - Org-scoped data without orgAction/orgRoute
Missing permission check - Action modifies resources without permission metadata
Direct database access - Bypassing auth helpers
Exposed user data - Returning sensitive fields
Missing org filter in Prisma queries - Cross-tenant data leak risk </common_violations>

<reference_guides> Load these files based on what you're reviewing:

references/server-action.md - Server action security patterns
references/api-route.md - API route security patterns
references/page-server.md - Page and layout security patterns
references/prisma-query.md - Prisma query org filtering (CRITICAL for multi-tenant) </reference_guides>

<success_criteria>

All server actions use appropriate action client (action/authAction/orgAction/adminAction)
All API routes use appropriate route handler (route/authRoute/orgRoute)
All org-scoped actions include roles/permissions metadata when needed
All pages/layouts call auth functions before rendering protected content
No sensitive data exposed in responses
All Prisma queries on org-scoped data filter by organizationId </success_criteria>

related-skills.json

same repository

add-documentation.md

from "Melvynx/MistratonReview"

Add or update documentation in content/docs/ for features, APIs, or tools

2026-02-160

optimizer.md

from "Melvynx/MistratonReview"

This skill should be used when the user asks to "optimize", "improve performance", "add caching", "use TanStack Query", "add state management", "use cache", "add URL state", or mentions Zustand, TanStack Form, nuqs, client-side fetching, optimistic updates, React Query, cacheTag, or revalidateTag. Provides best practices for state management, URL state, data fetching, forms, caching, and Next.js optimization.

2026-01-190

create-tests.md

from "Melvynx/MistratonReview"

This skill should be used when the user asks to "create tests", "write tests", "add unit tests", "add e2e tests", "test this component", or mentions testing, Vitest, Playwright, or test coverage. Covers unit tests with Vitest and e2e tests with Playwright including organization logic.

2026-01-180

init-project.md

from "Melvynx/MistratonReview"

Initialize NowTS project with app name, purpose, theme, and landing page content

2026-01-180

package.json

"author": "Melvynx"

"repository": "Melvynx/MistratonReview"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	security-check
description	This skill should be used when reviewing server actions, API routes, or pages for security. Use when the user asks to "security check", "review security", "audit code", or mentions authentication, authorization, permissions, or access control validation.

Validate security patterns in NowTS codebase. Ensures server actions, API routes, and pages follow proper authentication and authorization patterns using Better Auth.

<quick_start> When reviewing code for security:

Identify the code type - Server action (.action.ts), API route (route.ts), or page (page.tsx)
Read the appropriate reference - Load the matching reference file
Check against patterns - Validate the code follows required security patterns
Report issues - List any security violations found

<security_levels> Four security levels in this codebase:

Level	Server Action	API Route	Description
Public	`action`	`route`	No auth required
Authenticated	`authAction`	`authRoute`	User must be logged in
Organization	`orgAction`	`orgRoute`	User must be org member
Admin	`adminAction`	-	User must have admin role
</security_levels>

<common_violations> Critical issues to check:

Missing auth - Public action/route handling sensitive data
Missing org validation - Org-scoped data without orgAction/orgRoute
Missing permission check - Action modifies resources without permission metadata
Direct database access - Bypassing auth helpers
Exposed user data - Returning sensitive fields
Missing org filter in Prisma queries - Cross-tenant data leak risk </common_violations>

<reference_guides> Load these files based on what you're reviewing:

references/server-action.md - Server action security patterns
references/api-route.md - API route security patterns
references/page-server.md - Page and layout security patterns
references/prisma-query.md - Prisma query org filtering (CRITICAL for multi-tenant) </reference_guides>

<success_criteria>

All server actions use appropriate action client (action/authAction/orgAction/adminAction)
All API routes use appropriate route handler (route/authRoute/orgRoute)
All org-scoped actions include roles/permissions metadata when needed
All pages/layouts call auth functions before rendering protected content
No sensitive data exposed in responses
All Prisma queries on org-scoped data filter by organizationId </success_criteria>

security-check

More from this repository

More from this repository