
from secure-claude-skills7
Automated and manual security tests for web apps: CSRF, rate limiting, input validation, security headers and pre-deployment checklist.
This skill provides a structured security-testing workflow for web applications, including automated scripts and manual checks that verify CSRF protection, rate limiting, input validation, security headers, authentication/authorization, and dependency vulnerabilities. It collates test commands, expected outputs, and a pre-deployment checklist to ensure security controls are working before release.
Use this skill before deployments, during CI/CD security jobs, or when auditing an application for common web vulnerabilities. Triggers include pre-deployment testing, regression testing after security fixes, or a quick checklist run when onboarding a repo.
npm audit) and CI integration.Best suited for agents and CI runners that can execute shell/node scripts and parse outputs: Claude Code, Copilot/Codex-style code runners, and CI automation agents. It assumes access to the repo and a testable deployment or local server.
A documentation-only skill providing security testing checklists and example curl/bash commands for web apps (CSRF, rate limiting, input validation, security headers, auth). No bundled scripts — all instructions are manual test commands targeting localhost:3000. Well-structured content but project-specific (references Clerk, Stripe, Convex) rather than generic.
Not malicious — the XSS and SQLi payloads are standard testing examples for security verification. The skill is essentially a well-written security testing guide/checklist rather than an executable skill. Would be more useful with actual bundled test scripts.