How does this handle rate limiting?

It provides configurations for both global API rate limiting and stricter, specialized limits for sensitive endpoints like authentication and registration.

Is this skill suitable for production environments?

Yes, the patterns provided are designed for production-ready security and include checklists to ensure no critical layers are missed before deployment.

Does this skill work with frameworks other than Express?

Yes, while it provides detailed Express examples, it also includes implementation patterns for Python FastAPI and Nginx configurations.

Does it include CORS configuration?

Yes, the skill provides guidance on restricting CORS to allowed origins to prevent unauthorized cross-origin requests.

Can it help prevent SQL injection and XSS?

Absolutely. It includes specific input validation, data sanitization, and security headers designed to mitigate injection and cross-site scripting attacks.

API Security Hardening

Name: API Security Hardening
Author: secondsky

bysecondsky

•

セキュリティとテスト

Hardens REST APIs with production-grade security layers including authentication, rate limiting, and robust input validation.

The API Security Hardening skill provides a comprehensive framework for securing RESTful services against common vulnerabilities and exploits. It equips Claude with the patterns needed to implement multi-layered defense-in-depth strategies, covering everything from Express and FastAPI middleware to Nginx configuration and security headers. Whether you are performing a security audit or building a new production service, this skill ensures your API implements industry-standard protections like HSTS, CSP, and sophisticated rate limiting to prevent injection attacks, CORS issues, and unauthorized access.

主な機能

01Comprehensive input validation and data sanitization patterns

02Granular rate limiting for general API usage and sensitive auth routes

03Production-ready security checklists and 'Never Do' anti-patterns

04Automated security header implementation (CSP, HSTS, X-Frame-Options)

0511 GitHub stars

06Pre-configured security middleware stacks for Express and FastAPI

ユースケース

01Configuring Nginx and backend middleware for high-security environments

02Securing a production Node.js or Python API against OWASP Top 10 threats

03Remediating vulnerabilities found during security audits or penetration tests

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add secondsky/claude-skills api-security-hardening

For use in Claude.ai and ChatGPT

Download Skill