How does this skill handle secret management?

The skill enforces the use of Doppler for secret injection, providing clear patterns to ensure sensitive keys are never hardcoded or committed to git repositories.

What common vulnerabilities does this skill address?

It provides defensive patterns against the OWASP Top 10, specifically targeting XSS, SQL injection, insecure file uploads, and improper CORS configurations.

Does this support both TypeScript and Python stacks?

Yes, it provides specific implementation examples for TanStack Start (TypeScript/Zod) and FastAPI (Python/Pydantic/SQLModel).

How does it manage multi-tenant security?

It utilizes PostgreSQL Row Level Security (RLS) to ensure that users can only access data belonging to their specific tenant ID, preventing cross-tenant data leakage.

Grey Haven Security Practices

Name: Grey Haven Security Practices
Author: greyhaven-ai

bygreyhaven-ai

•

安全与测试

Enforces enterprise-grade security standards including multi-tenant isolation, secret management, and robust input validation for modern web stacks.

The Grey Haven Security Practices skill equips Claude with specialized knowledge to implement and audit security-critical features within TanStack Start and FastAPI applications. It provides standardized patterns for Doppler-based secret management, Zod and Pydantic validation, and strict Row Level Security (RLS) for multi-tenant data isolation. By applying these best practices, developers can proactively defend against the OWASP Top 10 vulnerabilities while ensuring consistent security configurations across development and production environments.

主要功能

01Integrated secret management using Doppler to prevent credential leakage

02Production-ready CORS, session security, and rate-limiting configurations

03Built-in protection patterns for XSS, SQL Injection, and Path Traversal

04Comprehensive input validation patterns for both TypeScript (Zod) and Python (Pydantic)

05Multi-tenant isolation through PostgreSQL Row Level Security (RLS) policies

0615 GitHub stars

使用场景

01Hardening authentication and session management for full-stack applications

02Migrating hardcoded secrets to secure environment variable management systems

03Implementing secure multi-tenant architectures with strict data boundaries

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add greyhaven-ai/claude-code-config security-practices

For use in Claude.ai and ChatGPT

Download Skill