How does this skill prevent API key leaks?

It enforces the use of environment variables and .env files while providing automated checks to ensure sensitive files are listed in .gitignore.

Can this skill help with database security?

Absolutely. It provides specific patterns for parameterized queries to eliminate the risk of SQL injection common in string interpolation.

Does it protect against path traversal attacks?

Yes, it provides implementation patterns using Path.resolve() and is_relative_to() to ensure file operations remain within authorized directories.

Is it compatible with local development environments?

Yes, this skill is specifically designed as part of the anyclaude-local repository for use with local setups like LMSTUDIO.

Security Patterns

Name: Security Patterns
Author: akaszubski

byakaszubski

•

安全与测试

Implements industry-standard security best practices for secret management, input validation, and secure coding patterns.

关于

The Security Patterns skill for Claude Code is a comprehensive security framework designed to safeguard your codebase against common vulnerabilities like those found in the OWASP Top 10. It provides specialized guidance for managing API keys through environment variables, preventing injection attacks, and securing file system operations. By enforcing strict validation patterns and path traversal protections, this skill ensures that developers maintain a high security posture while utilizing AI-driven coding workflows, particularly when working with local language models.

主要功能

Parameterized query templates to prevent SQL injection vulnerabilities
Secure API key management using .env and .gitignore best practices
Hardcoded secret detection and redaction guidance for logging
Automated input validation patterns for path traversal and command injection
2 GitHub stars
Secure file operation patterns with restricted system permissions

使用场景

Safely configuring environment variables for sensitive API integrations
Sanitizing user-provided file paths in backend file processing systems
Implementing cryptographically secure random generation for tokens and sessions

关于

主要功能

Parameterized query templates to prevent SQL injection vulnerabilities
Secure API key management using .env and .gitignore best practices
Hardcoded secret detection and redaction guidance for logging
Automated input validation patterns for path traversal and command injection
2 GitHub stars
Secure file operation patterns with restricted system permissions

使用场景

Safely configuring environment variables for sensitive API integrations
Sanitizing user-provided file paths in backend file processing systems
Implementing cryptographically secure random generation for tokens and sessions