Can this skill help with authentication setup?

Yes, it provides implementation guidance for secure session management, OAuth protocols, and multi-factor authentication (MFA).

Is this skill specific to a certain programming language?

No, the security principles and checks provided apply across all modern programming languages and web frameworks.

Does it manage sensitive API keys or secrets?

It enforces the best practice of never storing sensitive data in version control and suggests secure storage methods like environment variables or secret managers.

How does the security skill help identify vulnerabilities?

The skill analyzes code for common risks like SQL injection, XSS, and broken access control, suggesting immediate secure alternatives and best practices.

Security & Secure Coding

Name: Security & Secure Coding
Author: OpenHands

byOpenHands

•

セキュリティとテスト

Implements industry-standard security protocols and best practices for secure application development and data protection.

概要

The Security skill for Claude Code acts as a specialized guardrail and advisor for building resilient, production-ready software. It focuses on identifying vulnerabilities early, enforcing robust authentication and authorization patterns, and ensuring the principle of least privilege is applied across the codebase. By integrating these practices, the skill helps developers secure sensitive data, sanitize inputs to prevent injection attacks, and manage sessions securely, making it an essential tool for any project handling user data or external API integrations.

主な機能

Guidance on secure session management and credential handling
Automated security vulnerability identification and inline remediation
Implementation of secure authentication and authorization patterns
Best practices for error handling to prevent sensitive data leakage
Input validation and data sanitization to prevent injection attacks
40 GitHub stars

ユースケース

Conducting security reviews of new features before merging into production
Hardening API endpoints and securing database connection configurations
Implementing complex permission-based access control (RBAC) systems

概要

主な機能

Guidance on secure session management and credential handling
Automated security vulnerability identification and inline remediation
Implementation of secure authentication and authorization patterns
Best practices for error handling to prevent sensitive data leakage
Input validation and data sanitization to prevent injection attacks
40 GitHub stars

ユースケース

Conducting security reviews of new features before merging into production
Hardening API endpoints and securing database connection configurations
Implementing complex permission-based access control (RBAC) systems