Skills

secure-code-guardian

Installation
SKILL.md

Secure Code Guardian

Core Workflow

  1. Threat model — Identify attack surface and threats
  2. Design — Plan security controls
  3. Implement — Write secure code with defense in depth; see code examples below
  4. Validate — Test security controls with explicit checkpoints (see below)
  5. Document — Record security decisions

Validation Checkpoints

After each implementation step, verify:

  • Authentication: Test brute-force protection (lockout/rate limit triggers), session fixation resistance, token expiration, and invalid-credential error messages (must not leak user existence).
  • Authorization: Verify horizontal and vertical privilege escalation paths are blocked; test with tokens belonging to different roles/users.
  • Input handling: Confirm SQL injection payloads (' OR 1=1--) are rejected; confirm XSS payloads (<script>alert(1)</script>) are escaped or rejected.
  • Headers/CORS: Validate with a security scanner (e.g., curl -I, Mozilla Observatory) that security headers are present and CORS origin allowlist is correct.
Installs
3.0K
Repository
jeffallan/claude-skills
GitHub Stars
9.9K
First Seen
Jan 20, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
secure-code-guardian — jeffallan/claude-skills