Can this skill be used for infrastructure changes?

Absolutely. It applies least-privilege design principles and safety guardrails to both application code and infrastructure-as-code deployments.

Does it manage secrets and credentials?

Yes, it enforces strict rules against logging secrets and ensures they are stored in the project's approved secret manager rather than in code.

Does it support data compliance?

It helps classify data types like PII or payment info and enforces rules for encryption, retention, and data locality to assist with compliance.

How does this skill help with threat modeling?

The skill provides a workflow to enumerate entry points, identify potential abusers, and assess the impact of failures before any code is delivered.

Engineering Security & Safety

Name: Engineering Security & Safety
Author: tjboudreaux

bytjboudreaux

•

セキュリティとテスト

Implements proactive threat modeling and security-first development practices to minimize attack surfaces and ensure data safety.

The Engineering Security & Safety skill integrates a rigorous security-focused mindset into the development lifecycle, ensuring that every code or infrastructure change is treated as a potential attack surface. It provides Claude with a systematic framework for performing quick threat modeling, data classification, and least-privilege design. By guiding the implementation of safety guardrails—such as rate limits, input validation, and secure secret management—this skill helps developers bake security into their projects from the start rather than as an afterthought, ensuring compliance and operational resilience.

主な機能

01Secure secret management and environment variable protection

02Data stewardship and classification for PII and sensitive assets

03Identity and access management (IAM) path validation

04Rapid threat modeling for all code and infrastructure changes

051 GitHub stars

06Dependency hygiene and automated vulnerability scanning

ユースケース

01Hardening API endpoints and entry points against unauthorized access

02Reviewing third-party libraries and dependencies for security risks

03Implementing safety guardrails and input validation for production systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add tjboudreaux/cc-plugin-engineering-excellence eng-security-safety

For use in Claude.ai and ChatGPT

Download Skill