Custom post type: check permissions and validate nonce

When using save_post you are usually adding/updating user-inputted data from a metabox into the database. When doing this you should check that your metabox’s nonce is valid.

You should also check permissions, as save_post is triggered inside wp_insert_post(), and not just when you create/edit a post admin side.
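
An added example (not from the original page) of a save_post callback that performs both checks before writing metabox data. The post type book, the meta key _myplugin_isbn, and the nonce action and field names are assumptions made for illustration.

```php
<?php
// Added example: "book", "_myplugin_isbn" and the nonce names are hypothetical.
const MYPLUGIN_NONCE_ACTION = 'myplugin_save_book_meta';
const MYPLUGIN_NONCE_FIELD  = 'myplugin_book_meta_nonce';

// Metabox output: the nonce field is emitted with the input it protects.
function myplugin_render_book_metabox( $post ) {
    wp_nonce_field( MYPLUGIN_NONCE_ACTION, MYPLUGIN_NONCE_FIELD );
    $isbn = get_post_meta( $post->ID, '_myplugin_isbn', true );
    printf( '<input type="text" name="myplugin_isbn" value="%s">', esc_attr( $isbn ) );
}
add_action( 'add_meta_boxes_book', function () {
    add_meta_box( 'myplugin_book_meta', 'Book details', 'myplugin_render_book_metabox', 'book' );
} );

function myplugin_save_book_meta( $post_id ) {
    // save_post fires for every post type, revisions included.
    if ( 'book' !== get_post_type( $post_id ) ) {
        return;
    }

    // save_post also fires for programmatic wp_insert_post() calls, which
    // carry no metabox form: a missing or invalid nonce means "not our form".
    if ( ! isset( $_POST[ MYPLUGIN_NONCE_FIELD ] ) ) {
        return;
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST[ MYPLUGIN_NONCE_FIELD ] ) );
    if ( ! wp_verify_nonce( $nonce, MYPLUGIN_NONCE_ACTION ) ) {
        return;
    }

    // Autosave requests do not carry the metabox fields.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }

    // Permission check against this specific post, not a generic capability.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

    // Only now touch the database, with the input unslashed and sanitized.
    if ( isset( $_POST['myplugin_isbn'] ) ) {
        $isbn = sanitize_text_field( wp_unslash( $_POST['myplugin_isbn'] ) );
        update_post_meta( $post_id, '_myplugin_isbn', $isbn );
    }
}
add_action( 'save_post', 'myplugin_save_book_meta' );
```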