Does it support OPA Rego policy validation?

Yes, it checks for 'package http' headers, default deny policies (default allow = false), and proper status code configurations.

Does it check for exposed secrets?

Yes, it specifically flags 'clientId' or 'clientSecret' fields that use plain values instead of the recommended 'secretKeyRef' for better security.

Can it fix my middleware pipeline order?

The skill identifies incorrect ordering, such as authentication occurring before rate limiting, and provides the recommended 'httpPipeline' configuration.

What Dapr middleware types are supported?

It supports a wide range including OAuth2, Client Credentials, Bearer tokens, OPA, Rate Limit, Sentinel, Router Alias, and WASM middleware.

Dapr Middleware Validator

Name: Dapr Middleware Validator
Author: Sahib-Sawhney-WH

bySahib-Sawhney-WH

•

Security & Testing

Validates Dapr HTTP middleware configurations to ensure security best practices, correct pipeline ordering, and proper secret management.

The Dapr Middleware Validator is a specialized skill for Claude Code that automates the auditing of Dapr HTTP middleware component files. It systematically checks configuration YAMLs for common security pitfalls like plain-text credentials, insecure HTTP endpoints, and incorrect middleware execution order. Whether you are setting up OAuth2, OPA policies, or rate limiting, this skill provides real-time feedback and actionable recommendations to ensure your distributed application's API gateway remains secure and performant before deployment.

Key Features

01HTTPS protocol enforcement for authentication and token URLs

02Reasonableness checks for rate limiting and traffic control parameters

03Automated security auditing for OAuth2, Bearer, and OPA middleware

043 GitHub stars

05Validation of middleware pipeline ordering to prevent security bypasses

06Detection of hardcoded secrets and enforcement of secretKeyRef usage

Use Cases

01Hardening Dapr API security before production deployment

02Troubleshooting failed middleware pipelines or authentication flows

03Automating code reviews for Dapr middleware component configurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sahib-sawhney-wh/sahibs-claude-plugin-marketplace middleware-validator

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01HTTPS protocol enforcement for authentication and token URLs

02Reasonableness checks for rate limiting and traffic control parameters

03Automated security auditing for OAuth2, Bearer, and OPA middleware

043 GitHub stars

05Validation of middleware pipeline ordering to prevent security bypasses

06Detection of hardcoded secrets and enforcement of secretKeyRef usage

Use Cases

01Hardening Dapr API security before production deployment

02Troubleshooting failed middleware pipelines or authentication flows

03Automating code reviews for Dapr middleware component configurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sahib-sawhney-wh/sahibs-claude-plugin-marketplace middleware-validator

For use in Claude.ai and ChatGPT

Download Skill