How are file uploads secured?

It validates file magic bytes rather than just extensions, enforces UUID filenames, and ensures files are stored outside the web root via authenticated endpoints.

What database safety measures are included?

The skill requires parameterized queries to prevent SQL injection, enforces soft deletes (deleted_at), and mandates the NUMERIC type for all currency data.

How does this skill handle user authentication?

It enforces Argon2id hashing for passwords and uses Redis-backed sessions instead of JWTs to ensure maximum security and state control.

Does it support Stripe payment security?

Yes, it mandates using Stripe Checkout Sessions to avoid handling raw card data and requires signature verification for all incoming webhooks.

Can it help with CI/CD security?

Yes, it provides a checklist for integrating security tools like gitleaks, bandit, and Trivy into your pipeline to block high-risk code changes.

PatriotForge Security Operations

Name: PatriotForge Security Operations
Author: aka-kolton

byaka-kolton

0•

보안 및 테스팅

Enforces rigorous security standards and full-stack protection protocols across the PatriotForge ERP ecosystem.

This skill serves as an automated security auditor and architect for the PatriotForge ERP, ensuring that every code change adheres to high-stakes security requirements. It provides specialized guidance on implementing Argon2id authentication, Redis-backed session management, and secure Stripe payment integrations. By enforcing rules for parameterized database queries, Pydantic input validation, and CI/CD security gates, it helps developers prevent common vulnerabilities like SQL injection, CSRF, and broken access control while maintaining a detailed audit trail for financial records.

주요 기능

01Strict Argon2id authentication and Redis-backed session management protocols.

020 GitHub stars

03Database safety enforcement including parameterized queries and soft-delete logic.

04Secure Stripe integration patterns using Checkout Sessions and idempotent webhooks.

05Automated CI/CD security gate configurations for Trivy, Bandit, and Gitleaks.

06Comprehensive input validation using Pydantic and magic byte file verification.

사용 사례

01Hardening API endpoints against injection, CSRF, and unauthorized data access.

02Auditing authentication and authorization logic for ERP compliance.

03Implementing secure financial transaction flows and webhook handlers.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add aka-kolton/patriotforge-claude-plugin security

For use in Claude.ai and ChatGPT

Download Skill