Is this skill specific to a certain framework?

While it is part of the mrp-nextjs repository, the core principles of input validation, sanitization, and secure defaults are applicable to almost any web framework.

Does it provide guidance on data handling?

Yes, it emphasizes minimizing data exposure, avoiding the logging of sensitive information, and treating all user input as hostile by default.

How does this skill help prevent XSS?

It enforces the use of proper encoding and sanitization while strictly discouraging dangerous patterns like dangerouslySetInnerHTML and raw HTML injection.

Does it support Content Security Policy (CSP)?

Yes, it provides guidance on implementing and respecting CSP to restrict unauthorized script and resource execution in the browser.

Can it help with authentication security?

Absolutely, it promotes secure credential storage, recommends HTTP-only cookies over localStorage, and ensures authorization is enforced on the server.

Web Security Best Practices

Name: Web Security Best Practices
Author: mrpitch

bymrpitch

0•

安全与测试

Enforces rigorous web security standards and prevents common vulnerabilities throughout the software development lifecycle.

The Web Security skill equips Claude with a security-first mindset, ensuring that application development prioritizes safety over convenience. It provides specific guidance on mitigating common risks like XSS and SQL injection by enforcing strict input validation, data sanitization, and secure encoding. By guiding developers through the implementation of robust authentication patterns, Content Security Policies (CSP), and secure data handling, this skill helps minimize the attack surface and ensures that security is baked into the code from the very first line.

主要功能

01Secure authentication and authorization patterns

020 GitHub stars

03Guidelines for minimizing data exposure and secret management

04Browser security API configuration including CSP and CORS

05XSS and SQL injection prevention strategies

06Input validation and data sanitization at boundaries

使用场景

01Configuring restrictive Content Security Policies for modern web applications

02Implementing secure authentication workflows using HTTP-only cookies

03Auditing existing code for potential security vulnerabilities and injection points

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mrpitch/mrp-claude-plugin web-security

For use in Claude.ai and ChatGPT

主要功能

01Secure authentication and authorization patterns

020 GitHub stars

03Guidelines for minimizing data exposure and secret management

04Browser security API configuration including CSP and CORS

05XSS and SQL injection prevention strategies

06Input validation and data sanitization at boundaries

使用场景

01Configuring restrictive Content Security Policies for modern web applications

02Implementing secure authentication workflows using HTTP-only cookies

03Auditing existing code for potential security vulnerabilities and injection points

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mrpitch/mrp-claude-plugin web-security

For use in Claude.ai and ChatGPT