How does this skill help prevent SQL injection?

The skill provides patterns for using parameterized queries and modern ORMs like Drizzle or Prisma, ensuring user input is never concatenated directly into SQL statements.

Does this skill follow industry security standards?

Absolutely. The skill is built around core principles like Defense in Depth, Principle of Least Privilege, and the OWASP Top 10 framework.

Can this skill help me manage API keys and passwords?

Yes, it includes specific guidance on environment variable management, .gitignore configurations, and pre-commit hooks to prevent sensitive data from being committed to Git.

What authentication methods does it support?

It provides implementation patterns for password hashing with Argon2, secure session management with cookies, and JWT best practices including algorithm enforcement.

Security Best Practices

Name: Security Best Practices
Author: hgeldenhuys

byhgeldenhuys

•

Security & Testing

Implements secure coding standards, vulnerability prevention, and robust secret management patterns to harden applications.

The Security Practices skill provides Claude Code with a comprehensive framework for identifying and mitigating security risks throughout the development lifecycle. It offers structured guidance on preventing OWASP Top 10 vulnerabilities, implementing secure authentication patterns, and enforcing strict input validation. By integrating these best practices, developers can proactively defend against injection attacks, cross-site scripting (XSS), and data leaks while ensuring that sensitive credentials never enter version control. Whether you are building an API from scratch or reviewing an existing codebase, this skill ensures security is a first-class citizen in your development workflow.

Key Features

01Input validation and sanitization using schema-based libraries like Zod

02Secure authentication templates including Argon2 hashing and JWT best practices

031 GitHub stars

04Automated secret management strategies and pre-commit hook configurations

05Vulnerability prevention patterns for SQLi, XSS, and Command Injection

06Security-focused code review prompts tailored for authentication and session logic

Use Cases

01Auditing existing API endpoints for OWASP Top 10 vulnerabilities

02Implementing production-grade authentication with secure cookie handling

03Setting up environment-specific secret management and leak prevention

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hgeldenhuys/claude-code-sdk security-practices

For use in Claude.ai and ChatGPT

Download Skill