PromptBase
Upgrade
Close icon
General
Home
Marketplace
Create
Hire
Login
Chat
Sell
Explore

Skill Details

Runtime
(claude-4-6-sonnet)
Example user message
[userMessage]: review my login function def login(username, password): query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'" result = db.execute(query) if result:
Example agent response
### Code Review Report **Language / Stack:** Python / SQL **Lines reviewed:** 5 **Overall verdict:** CRITICAL ISSUES --- #### Bugs & Logic Errors - `if result` returns True even if multiple users match — no check for exact single record. #### Security - [CRITICAL] SQL Injection: Both `username` and `password` are interpolated directly into the query. Any input like `' OR '1'='1` bypasses authentication entirely. Fix: use parameterized queries — `db.execute("SELECT * FROM users WHERE username=? AND password=?", (username, password))`. - [CRITICAL] Plaintext password comparison: passwords should never be stored or compared in plaintext. Use bcrypt or argon2 to hash and verify. #### Performance - None detected. #### Code Quality - Function returns `True/False` but gives no info about which user authenticated — makes session management harder downstream. #### Architecture - Not assessed — insufficient context. --- #### Priority Fix List 1. Switch to parameterized queries immediately — this is exploitable as-is. 2. Replace plaintext password logic with bcrypt.verify(). #### Corrected Code ```python import bcrypt def login(username, password): result = db.execute( "SELECT id, password_hash FROM users WHERE username = ?", (username,) ).fetchone() if result and bcrypt.checkpw(password.encode(), result["password_hash"]): return result["id"] return None ```
🟧 Claude Skill

Code Review Security Audit

@ciuralexandru
$3.99
HelpWhat do I get when I buy a skill?
Add to Cart
PromptBase Select
Or included with PromptBase Select
Instant accessInstant access
Usage rightsCommercial use
Money-back guaranteeMoney‑back
By purchasing this skill, you agree to our terms of service
CLAUDE-4-6-SONNET
Tested icon
Guide icon
Free credits icon
A systematic code reviewer that catches what generic AI misses. Covers 5 dimensions on every review: bugs & logic errors, security vulnerabilities (with CRITICAL/HIGH/LOW severity), performance bottlenecks, code quality, and architecture. Activates when you say "review my code", "find bugs", "audit this", or "check my function". Returns a structured report with a priority fix list and corrected code, not vague suggestions. Works with any language or stack.
...more
Added 3 weeks ago
Report
Browse Marketplace