Can I use this for production environment security?

Yes, it includes specific patterns for environment-specific tokens and least privilege access designed for production-grade security and compliance.

What Lokalise token types does it support?

The skill covers Read-only, Read-write, and OAuth2 tokens, helping you choose and implement the right permission level for your specific use case.

Does it support webhook verification?

Absolutely. It includes timing-safe comparison logic to verify the X-Secret header sent by Lokalise webhooks, preventing timing attacks and unauthorized requests.

How does this skill help prevent API token leaks?

It provides patterns for environment variable configuration, .gitignore setup, and pre-commit hooks that scan for sensitive Lokalise patterns before code is pushed to a repository.

Lokalise Security Basics

Name: Lokalise Security Basics
Author: jeremylongshore

byjeremylongshore

•

1,243

セキュリティとテスト

Implements security best practices for Lokalise API tokens, webhook secrets, and access control within your localization workflow.

概要

Lokalise Security Basics provides essential patterns for securing your localization infrastructure, ensuring that API tokens and webhook secrets are handled according to industry standards. It guides developers through implementing environment-specific access controls, least privilege principles, and robust webhook signature verification to prevent unauthorized access. Use this skill to audit your current Lokalise configuration, automate token rotation, or set up secure CI/CD pipelines that protect your translation assets from exposure.

主な機能

Security audit logging and pre-commit secret scanning patterns
1,243 GitHub stars
Webhook signature verification with timing-safe comparisons
Secure environment variable configuration and .gitignore management
Implementation of least privilege access via scoped API tokens
Step-by-step token rotation and revocation procedures

ユースケース

Implementing environment-specific tokens for Dev, Staging, and Production
Auditing an existing Lokalise integration for potential security vulnerabilities
Setting up secure webhook endpoints for real-time translation updates

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills lokalise-security-basics

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要