Does this skill work with Phoenix LiveView?

Yes, it specifically focuses on LiveView security by ensuring that authorization checks are performed not just at mount, but within every handle_event callback.

How are secrets managed with this skill?

It enforces the practice of moving all sensitive credentials and API keys out of the codebase and into runtime.exs using environment variables.

Can it help with preventing Denial of Service (DoS) attacks?

It protects against atom exhaustion DoS by preventing the use of String.to_atom on user-provided input, enforcing String.to_existing_atom instead.

How does this skill prevent SQL injection in Elixir?

It identifies and blocks string interpolation in database fragments, instead enforcing the use of Ecto's pin operator (^) for safe, parameterized queries.

Elixir & Phoenix Security

Name: Elixir & Phoenix Security
Author: oliver-kriska

byoliver-kriska

•

安全与测试

Hardens Elixir and Phoenix applications by enforcing industry-standard security patterns and preventing common vulnerabilities.

This skill empowers Claude with deep expertise in securing the Elixir and Phoenix ecosystem. It enforces a set of 'Iron Laws' including boundary validation, timing-safe authentication, and mandatory re-authorization in LiveView events. By providing specialized guidance on Ecto query safety, atom exhaustion prevention, and secure secrets management, it helps developers build production-ready applications that are resilient against SQL injection, CSRF, and cross-site scripting (XSS).

主要功能

0162 GitHub stars

02Implements timing-safe authentication patterns with Argon2

03Secures Phoenix LiveView events with mandatory re-authorization

04Provides guidance for CSP, CSRF, and secure header configuration

05Prevents atom exhaustion and SQL injection through code pattern analysis

06Enforces 'Iron Laws' for input validation and secret management

使用场景

01Auditing Elixir codebases for common vulnerabilities like SSRF and path traversal

02Hardening Phoenix LiveView applications against unauthorized state changes

03Implementing secure RBAC and authentication systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add oliver-kriska/claude-elixir-phoenix security

For use in Claude.ai and ChatGPT

Download Skill