How does this skill handle API key storage?

It implements a secure architecture where keys are encrypted using AES-GCM before being stored in IndexedDB. The master key is derived via PBKDF2 and kept only in memory.

Does it provide protection against brute-force attacks?

Yes, it includes patterns for implementing rate limiting using Upstash Redis to restrict request frequency based on user IP.

What validation library is recommended by this skill?

The skill utilizes Zod for creating strict schemas for API keys, user inputs, and internal request objects to ensure data integrity.

Is this compatible with Next.js projects?

Yes, it includes specific implementation patterns for Next.js Middleware to handle security headers like CSP, HSTS, and X-Frame-Options.

Security Design Patterns

Name: Security Design Patterns
Author: dzhechko

bydzhechko

0•

安全与测试

Implements robust security layers including client-side encryption, API key management, and schema-based input validation.

The Security Patterns skill provides a comprehensive framework for securing modern AI applications, focusing on protecting sensitive credentials and user data. It implements enterprise-grade client-side secrets management using PBKDF2 key derivation and AES-GCM encryption, ensuring API keys for services like OpenAI or ElevenLabs are never stored in plain text. Beyond encryption, it provides standardized patterns for Zod-based input validation, Next.js security middleware, and Redis-backed rate limiting, offering a holistic approach to preventing common vulnerabilities like XSS, injection, and credential leakage.

主要功能

01Schema-based input validation using Zod for API integrity

02Rate limiting implementations using Upstash Redis for API protection

03Client-side AES-GCM encryption for secure API key handling

04Next.js middleware configurations for strict Content Security Policies (CSP)

050 GitHub stars

06Encrypted IndexedDB storage with auto-locking master key logic

使用场景

01Securing third-party AI provider credentials in browser-based applications

02Standardizing security headers and validation across Next.js and TypeScript projects

03Implementing non-persistent, memory-only master key architectures for high-security tools

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dzhechko/2026-jan-pu-vibecoding security-patterns

For use in Claude.ai and ChatGPT

Download Skill