Secure Code Guardian

Trust Score 86/100

Provides concrete guidance and code examples to implement authentication, authorization, input validation, and other defenses against OWASP Top 10 vulnerabiliti

triggers:securityauthenticationauthorizationinput validationOWASPpasswordJWTsecure coding

GitHub SKILL.md

What it does

Secure Code Guardian gives an engineering-focused playbook for designing, implementing, and validating web application security controls. It walks through threat modeling, defensive design, and concrete implementation patterns (password hashing, parameterized SQL, JWT validation, input validation with Zod, security headers, rate limiting) and provides code examples and validation checkpoints so engineers can ship secure features with repeatable tests.

When to use it

Invoke this skill when building or reviewing authentication/authorization flows, handling user input, configuring tokens or sessions, or hardening endpoints against OWASP Top 10 classes (XSS, SQLi, broken auth, etc.). It fits pull-request reviews, security design sessions, and implementation checklists before release.

What's included

Scripts: none bundled (has_references=true; see references/ in the repo)
References: OWASP prevention, authentication, input-validation, XSS/CSRF, security-headers docs included in repository references
Instructions: stepwise workflow (threat model → design → implement → validate → document) plus concrete code examples for bcrypt, parameterized SQL, Zod validation, JWT verification, and secure Express endpoints

Compatible agents

Broadly applicable to code-focused agents that can produce and review code (Claude Code, Copilot-style assistants, Codex/GitHub Copilot).

Audit Summary

Secure Code Guardian is a reference-style skill providing OWASP Top 10 secure coding guidance with concrete TypeScript/Node.js code examples for password hashing, parameterized queries, input validation, JWT handling, and endpoint security. Well-structured SKILL.md with clear MUST DO/MUST NOT DO constraints and validation checkpoints. No bundled scripts — purely a reference/knowledge skill. Security posture is strong: explicitly advocates against hardcoding secrets, recommends env vars, uses parameterized queries, and promotes constant-time comparison. Minor deduction for referencing process.env.JWT_SECRET! without noting fallback validation, and the full-flow example uses 'your-app' as issuer which could be copied literally.

Watch Out

JWT_SECRET accessed via process.env.JWT_SECRET! with no runtime guard — could crash or use undefined
Example uses hardcoded issuer 'your-app' that developers might not change
No scripts to test — purely static reference material

Notes

Solid security-focused skill with good code examples and clear constraints. No malicious patterns detected. Advocates for security best practices throughout. Architecture follows skill spec with frontmatter, references section, and code examples. Could improve with more specific trigger conditions and a tighter description.

Information

Repository: claude-skills
Stars: 8,729
Installs: 0

Trust Score

Overall86

Security92

Code Quality82

Architecture76

Usefulness78

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

Clerk Vue Patterns

Vue 3 integration patterns for Clerk: composables, router guards, and Pinia auth store integration.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Cognitive Accessibility Specialist

Audits content, forms and authentication flows for cognitive accessibility (WCAG 2.2 / COGA) and gives prioritized remediation and plain-language guidance.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Back to Skills