Does it assist with authentication setup?

Yes, it helps implement secure password hashing using bcrypt or argon2, JWT management, session security, and multi-factor authentication (MFA).

Can it help with OWASP Top 10 compliance?

Yes, it includes specific patterns and checklists to address the entire OWASP Top 10, including broken access control and injection.

Which frameworks does this security skill support?

This skill provides specialized, deep security guidance specifically tailored for React, Next.js, and NestJS environments.

How does this skill handle sensitive data and secrets?

It provides implementation patterns for encryption at rest and in transit, and guides developers on using environment variables rather than hardcoding secrets.

Application Security Expert

Name: Application Security Expert
Author: shipshitdev

byshipshitdev

•

安全与测试

Implements comprehensive security protocols and audits for modern web applications using framework-specific best practices and OWASP standards.

The Security Expert skill serves as a virtual security architect for developers building with React, Next.js, and NestJS. It provides automated guidance for identifying and mitigating OWASP Top 10 vulnerabilities, establishing robust authentication and authorization flows (RBAC, JWT, MFA), and hardening application infrastructure with proper security headers and data protection. Whether you are performing a pre-production audit or setting up a new project's security architecture, this skill ensures your code adheres to industry-standard security benchmarks and minimizes the attack surface of your software.

主要功能

01Automated OWASP Top 10 vulnerability assessment and mitigation

02Security configuration for CORS, CSP, and HTTP headers

03Comprehensive authentication and RBAC authorization implementation

04Data protection via secure hashing, encryption, and secrets management

05Framework-specific security patterns for React, Next.js, and NestJS

0610 GitHub stars

使用场景

01Auditing a NestJS backend for broken access control and injection flaws

02Setting up secure JWT management and multi-factor authentication in Next.js

03Hardening a React application's Content Security Policy and input validation

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add shipshitdev/library security-expert

For use in Claude.ai and ChatGPT

Download Skill