Is this suitable for smart contract development?

Absolutely, it includes specific checks for contract pausing, migration guards, and replayed signatures, making it highly effective for web3 security.

Does this skill help with data privacy compliance?

Yes, it includes specific workflows for data stewardship, classifying sensitive information like PII and ensuring encryption and retention rules are met.

How does this skill improve code security?

It enforces a proactive security checklist including threat modeling, secret management, and validation layers before any code is delivered.

Can it prevent secret leaks in my repository?

The skill provides guidance on storing secrets in approved managers and guarding environment variables to ensure credentials never enter logs or version control.

Security & Safety Mindset

Name: Security & Safety Mindset
Author: tjboudreaux

bytjboudreaux

0•

Security & Testing

Implements proactive threat modeling, least-privilege design, and robust safety guardrails into every code change.

The Security & Safety Mindset skill empowers Claude to act as a security-conscious engineer, treating every modification as a potential attack surface or failure amplifier. It provides a structured framework for conducting rapid threat modeling, enforcing data stewardship for PII and sensitive assets, and validating authentication and authorization paths. By integrating validation layers, secret management protocols, and dependency hygiene directly into the development workflow, this skill ensures that security is baked into the design rather than added as an afterthought, making it essential for teams building mission-critical or compliance-heavy software.

Key Features

01Rigorous validation layers for entry points and state changes

02Automated secret management and configuration guarding

03Proactive threat modeling for identifying attack surfaces

04Least-privilege access and identity validation protocols

05Data stewardship and classification for PII and payments

060 GitHub stars

Use Cases

01Auditing third-party dependencies and reviewing changelogs for vulnerabilities

02Securing cloud infrastructure changes with least-privilege permission scopes

03Hardening API endpoints against unauthorized access and malicious payloads

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add tjboudreaux/cc-engineering-skills eng-security-safety

For use in Claude.ai and ChatGPT

Download Skill