secure
Installation
SKILL.md
Security
This skill is for securing your app's code and data. For regulatory compliance (HIPAA, SOC 2, GDPR), use compliance. For pre-launch readiness checks, use go-live. For environment variable setup during deployment, use deploy. For database-level security (Row Level Security), use database.
Don't Do Yet
- Don't implement OAuth/SSO until you have paying customers who need it. Email + password is fine for launch.
- Don't buy a pentest until you have 1,000+ users or handle sensitive data (health, finance). This checklist is enough for MVP.
- Don't set up a Web Application Firewall (WAF) — your hosting platform (Vercel, Railway) handles this. You don't need Cloudflare yet.
- Don't build your own auth system. Use Supabase Auth, Clerk, or NextAuth. Rolling your own is how breaches happen.