How does this skill improve Evernote OAuth security?

It provides standardized patterns for implementing CSRF protection using state parameters, validates callback URLs, and enforces HTTPS-only endpoints for the OAuth 1.0a flow.

Does it include support for token encryption?

Yes, it guides you through encrypting access tokens at rest using AES-256-GCM before database storage, ensuring tokens are only decrypted during active API calls.

What kind of input validation is provided?

The skill includes sanitization rules for Evernote Markup Language (ENML), specifically validating note titles, tag names, and stripping forbidden HTML elements.

How does it handle sensitive information in logs?

It provides a redaction utility that masks access tokens and consumer secrets in log outputs, showing only a few characters for debugging correlation without exposing the full secret.

Evernote Security Basics

Name: Evernote Security Basics
Author: jeremylongshore

byjeremylongshore

•

1,901

•

安全与测试

Implements security best practices for Evernote API integrations including secure OAuth flows and encrypted token storage.

This skill provides comprehensive guidance and implementation patterns for securing Evernote integrations. It helps developers apply industry-standard protection measures such as AES-256-GCM token encryption, CSRF-protected OAuth 1.0a flows, and environment-based credential management. By using this skill, developers can ensure their Evernote-connected applications handle sensitive user data safely, maintain robust input validation for ENML content, and implement redacted logging to prevent accidental data leaks.

主要功能

01AES-256-GCM encryption for access tokens at rest

02ENML-specific input validation and metadata sanitization

03Secure OAuth 1.0a implementation with CSRF state protection

04Redacted logging utilities for sensitive API credentials

05Proactive token lifecycle and expiration tracking

061,901 GitHub stars

使用场景

01Hardening production-ready Evernote integrations against security vulnerabilities

02Implementing compliant token rotation and storage policies for Evernote users

03Setting up secure credential management and secrets validation in new projects

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills evernote-security-basics

For use in Claude.ai and ChatGPT

主要功能

01AES-256-GCM encryption for access tokens at rest

02ENML-specific input validation and metadata sanitization

03Secure OAuth 1.0a implementation with CSRF state protection

04Redacted logging utilities for sensitive API credentials

05Proactive token lifecycle and expiration tracking

061,901 GitHub stars

使用场景

01Hardening production-ready Evernote integrations against security vulnerabilities

02Implementing compliant token rotation and storage policies for Evernote users

03Setting up secure credential management and secrets validation in new projects

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills evernote-security-basics

For use in Claude.ai and ChatGPT