Does this skill detect vulnerabilities automatically?

No, this skill is specifically for remediation. To detect vulnerabilities, you should use the vulnerability-patterns skill.

Which programming languages are covered?

The skill provides secure implementation patterns for Python, Java, JavaScript (Node.js), and PHP.

How does it help with secret management?

It provides code examples for moving away from hardcoded credentials toward environment variables, configuration files, and secret managers like AWS Secrets Manager or HashiCorp Vault.

What security standards does this skill follow?

The remediation patterns are aligned with OWASP Application Security Verification Standard (ASVS) requirements and industry best practices.

Authentication Security Remediation

Name: Authentication Security Remediation
Author: Zate

byZate

安全与测试

Provides language-specific patterns and secure implementations for fixing authentication and authorization vulnerabilities in codebases.

关于

The remediation-auth skill equips developers with actionable fix patterns for critical security issues involving hardcoded credentials, insecure JWT configurations, unsafe deserialization, and missing access controls. It serves as a specialized guide within Claude Code, offering secure implementation examples for multiple languages like Python, Java, and Node.js to ensure codebases meet OWASP ASVS standards. This skill is ideal for security audits, remediation sprints, and integrating secure-by-default practices into the software development lifecycle.

主要功能

Mitigates unsafe deserialization risks using JSON and safe loaders
Provides cross-language support for Python, JavaScript, Java, and PHP
Implements robust access control via middleware, decorators, and ownership checks
Fixes hardcoded secrets by migrating to environment variables and secret managers
Secures JWT implementations with explicit algorithm enforcement and strong keys
0 GitHub stars

使用场景

Refactoring legacy code to remove hardcoded API keys and database passwords
Hardening JWT-based authentication after a security audit identifies weak configurations
Adding granular authorization checks to API endpoints to prevent unauthorized data access

关于

主要功能

Mitigates unsafe deserialization risks using JSON and safe loaders
Provides cross-language support for Python, JavaScript, Java, and PHP
Implements robust access control via middleware, decorators, and ownership checks
Fixes hardcoded secrets by migrating to environment variables and secret managers
Secures JWT implementations with explicit algorithm enforcement and strong keys
0 GitHub stars

使用场景

Refactoring legacy code to remove hardcoded API keys and database passwords
Hardening JWT-based authentication after a security audit identifies weak configurations
Adding granular authorization checks to API endpoints to prevent unauthorized data access