Does it handle database injection?

It provides patterns for sanitizing inputs against SQL injection via parameterized queries and NoSQL injection by stripping MongoDB operators from user input.

Which validation libraries are supported?

The skill focuses on industry-standard tools like Zod for TypeScript, Joi for JavaScript, and class-validator for NestJS frameworks to ensure type-safe boundaries.

Can it help with browser-based attacks?

Yes, it enforces security headers using Helmet.js, covering CSP, HSTS, and X-Frame-Options to mitigate XSS, sniffing, and clickjacking.

How does this skill help with rate limiting?

It provides implementation patterns for Redis-backed token bucket and sliding window algorithms to prevent DoS attacks on public and authenticated endpoints.

API Security & Hardening

Name: API Security & Hardening
Author: hjemmesidekongen

byhjemmesidekongen

0•

API 开发

Implements defense-in-depth security measures including rate limiting, input validation, and secure header configurations for robust API protection.

The API Security skill provides specialized guidance for hardening web services against common vulnerabilities and malicious abuse. It automates critical security checkpoints for rate limiting, input validation using schemas like Zod, and CORS configuration to prevent unauthorized cross-origin access. By integrating industry-standard practices such as Helmet.js for security headers and advanced sanitization techniques to prevent SQL and NoSQL injection, this skill ensures that backend services are production-ready and resilient against DoS attacks, data corruption, and browser-based exploits.

主要功能

01Comprehensive security header configuration via Helmet.js for CSP, HSTS, and X-Frame-Options.

02Strict CORS management using explicit origin allowlisting to prevent credential leakage.

03Injection prevention patterns for SQL, NoSQL, Path Traversal, and XSS attacks.

040 GitHub stars

05Automated rate limiting enforcement using Redis-backed token bucket or sliding window algorithms.

06Type-safe input validation and schema enforcement with Zod, Joi, or class-validator.

使用场景

01Auditing and refactoring legacy API code to meet modern security headers and validation standards.

02Implementing multi-level rate limiting to protect authentication and high-traffic routes from DoS.

03Hardening public-facing REST or GraphQL endpoints before a production deployment.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hjemmesidekongen/ai api-security

For use in Claude.ai and ChatGPT