How does the skill report its findings?

It generates a detailed markdown file (usually security_best_practices_report.md) containing an executive summary, categorized findings by severity, and specific code line references.

What happens if my specific framework isn't in the references?

If specific documentation is missing, the skill falls back to general language security principles and well-known industry standards to provide the best possible guidance.

Does this skill automatically change my code?

No, it primarily generates reports or flags issues. While it can suggest and perform fixes, it does so one at a time and only upon your request to ensure functionality remains intact.

Which programming languages does the Security Best Practices skill support?

The skill currently provides specialized guidance for Python, JavaScript, TypeScript, and Go, including common frameworks associated with these languages.

Can I use this for general code reviews or debugging?

No, this skill is specifically designed to trigger only for security-related requests to maintain high-quality, specialized focus on vulnerabilities and secure patterns.

Security Best Practices

Name: Security Best Practices
Author: lev-os

bylev-os

•

セキュリティとテスト

Performs framework-specific security reviews and provides actionable guidance to implement secure-by-default coding patterns.

This skill acts as an automated security engineer within your development environment, specializing in identifying vulnerabilities and applying industry-standard best practices for Python, JavaScript/TypeScript, and Go. It systematically analyzes your project's stack to provide tailored guidance, generates prioritized vulnerability reports with impact statements, and helps remediate issues one-at-a-time to ensure code robustness without introducing regressions. Whether you are building a new application or auditing an existing codebase, this skill ensures your implementation follows secure patterns for both frontend and backend architectures.

主な機能

01Language-specific security audits for Python, Go, and JS/TS

02Secure-by-default code generation for new features and projects

031 GitHub stars

04Comprehensive markdown security reports with severity-based prioritization

05Guided remediation focusing on security fixes that preserve existing functionality

06Passive detection of critical vulnerabilities during active development

ユースケース

01Implementing secure-by-default patterns when starting a new project with unfamiliar frameworks

02Generating a formal security audit report before deploying a web application to production

03Remediating identified vulnerabilities in legacy code with clear impact explanations and commit messages

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lev-os/agents security-best-practices

For use in Claude.ai and ChatGPT

主な機能

01Language-specific security audits for Python, Go, and JS/TS

02Secure-by-default code generation for new features and projects

031 GitHub stars

04Comprehensive markdown security reports with severity-based prioritization

05Guided remediation focusing on security fixes that preserve existing functionality

06Passive detection of critical vulnerabilities during active development

ユースケース

01Implementing secure-by-default patterns when starting a new project with unfamiliar frameworks

02Generating a formal security audit report before deploying a web application to production

03Remediating identified vulnerabilities in legacy code with clear impact explanations and commit messages