secure-code-guardian

Solid

Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations such as hashing passwords with bcrypt/argon2, sanitizing SQL queries with parameterized statements, configuring CORS/CSP headers, validating input with Zod, and setting up JWT tokens. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention, secure session management, and security hardening. For pre-built OAuth/SSO integrations or standalone security audits, consider a more specialized skill.

AI & Automation | 9,509 stars | 807 forks | Updated 1 week ago | MIT


Quality Score: 94/100

Score breakdown (component, weight, score):

Stars (20%): 100
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Secure Code Guardian

## Core Workflow

1. **Threat model** — Identify attack surface and threats
2. **Design** — Plan security controls
3. **Implement** — Write secure code with defense in depth; see code examples below
4. **Validate** — Test security controls with explicit checkpoints (see below)
5. **Document** — Record security decisions

### Validation Checkpoints

After each implementation step, verify:

- **Authentication**: Test brute-force protection (lockout/rate limit triggers), session fixation resistance, token expiration, and invalid-credential error messages (must not leak user existence).
- **Authorization**: Verify horizontal and vertical privilege escalation paths are blocked; test with tokens belonging to different roles/users.
- **Input handling**: Confirm SQL injection payloads (`' OR 1=1--`) are rejected; confirm XSS payloads (`<script>alert(1)</script>`) are escaped or rejected.
- **Headers/CORS**: Validate with a security scanner (e.g., `curl -I`, Mozilla Observatory) that security headers are present and the CORS origin allowlist is correct.

## Reference Guide

Load detailed guidance based on context:

| Topic | Reference | Load When |
|-------|-----------|-----------|
| OWASP | `references/owasp-prevention.md` | OWASP Top 10 patterns |
| Authentication | `references/authentication.md` | Password hashing, JWT |
| Input Validation | `references/input-validation.md` | Zod, SQL injection |
| XSS/CSRF | `references/xss-csrf.md` | XSS prevention, CSRF |
| H...

Details

Author: Jeffallan
Repository: Jeffallan/claude-skills
Created: 7 months ago
Last Updated: 1 week ago
Language: Python
License: MIT
