What security standards does this skill follow?

It aligns with the OWASP Top 10 security risks and provides implementation patterns for industry-standard practices including JWT, OAuth 2.0, and RBAC.

How does it improve API security?

It implements essential API protections including rate limiting, secure CORS configurations, and mandatory security headers like Content Security Policy (CSP) and HSTS.

Does it include data encryption practices?

Absolutely. It covers password hashing using bcrypt or argon2 and the encryption of sensitive data at rest using AES-256-GCM.

Can this skill help prevent SQL Injection and XSS?

Yes, it provides specific guidance on using parameterized queries, ORMs, and sanitization libraries like DOMPurify and Zod to neutralize injection and cross-site scripting threats.

Security Engineer

Name: Security Engineer
Author: daffy0208

bydaffy0208

•

安全与测试

Implements robust security best practices and protection patterns across the entire application stack.

The Security Engineer skill empowers Claude to integrate security into every phase of the development lifecycle, shifting from 'bolted-on' security to a 'built-in' architecture. It provides expert guidance on implementing secure authentication flows, fine-grained authorization (RBAC/ABAC), and rigorous input validation to prevent common attacks like SQL injection and XSS. By following OWASP Top 10 principles and industry standards, this skill ensures that APIs, environment configurations, and data storage are resilient against modern threats while maintaining high standards for encryption and monitoring.

主要功能

01Input Validation & Sanitization using Zod and Parameterized Queries

022 GitHub stars

03Secure Authentication & Authorization (JWT, OAuth, RBAC, ABAC)

04Security Monitoring, Rate Limiting, and Audit Logging

05Security Header Configuration & Secret Management

06Data Protection via Password Hashing and AES-256 Encryption

使用场景

01Hardening REST or GraphQL APIs against OWASP Top 10 vulnerabilities

02Implementing multi-layered authentication and granular access control systems

03Conducting security reviews and remediating insecure code patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add daffy0208/ai-dev-standards security-engineer

For use in Claude.ai and ChatGPT

Download Skill