What security standards are included?

The skill is modeled after the OWASP Top 10 vulnerabilities, covering critical areas like Injection, Sensitive Data Exposure, and Broken Access Control.

Does this skill help with database security?

It provides standardized patterns for parameterized queries, ensuring that user input is never directly interpolated into SQL strings, which prevents SQL injection.

Can it protect against path traversal attacks?

Yes, it includes specific implementation patterns using Python's pathlib to resolve absolute paths and verify that file operations stay within authorized directories.

How does this skill prevent API key leakage?

The skill enforces the use of environment variables via .env files, provides .gitignore templates, and includes patterns to mask sensitive keys in application logs.

Security Design Patterns

Name: Security Design Patterns
Author: akaszubski

byakaszubski

•

Security & Testing

Implements production-grade security best practices, secret management protocols, and input validation patterns to harden your codebase.

About

The Security Patterns skill equips Claude with a robust framework for implementing industry-standard security protocols throughout the development lifecycle. It provides specific guidance on preventing OWASP Top 10 vulnerabilities, including SQL injection, path traversal, and command injection. By automating the setup of secure environment variables, file permissions, and cryptographically secure operations, this skill ensures that autonomous development remains safe and compliant. It is particularly useful for projects involving sensitive API keys, user-generated content, or complex file system operations.

Key Features

Restricted file system permissions and upload validation
10 GitHub stars
Secure environment variable and API key management
Parameterized SQL query patterns to stop injection attacks
Cryptographically secure token generation and password hashing
Automated path traversal and command injection prevention

Use Cases

Securing API integrations and preventing secret leakage in logs
Hardening application architecture against common web vulnerabilities
Validating untrusted user input and file paths in backend services

About

Key Features

Restricted file system permissions and upload validation
10 GitHub stars
Secure environment variable and API key management
Parameterized SQL query patterns to stop injection attacks
Cryptographically secure token generation and password hashing
Automated path traversal and command injection prevention

Use Cases

Securing API integrations and preventing secret leakage in logs
Hardening application architecture against common web vulnerabilities
Validating untrusted user input and file paths in backend services