
secure-code-guardian

Jeffallan
0.1k
Jeffallan/claude-skills/skills/secure-code-guardian
Agent Score: 76

💡 Summary

A security-focused AI agent that provides secure coding guidance and implementation for authentication, authorization, input validation, and OWASP Top 10 vulnerability prevention.

🎯 Target Audience

  • Full-stack developers implementing security features
  • DevOps engineers securing deployments
  • Junior developers learning secure coding
  • Tech leads designing system architecture
  • Security auditors reviewing code

🤖 AI Roast: It's a security checklist pretending to be an AI agent, offering more commandments than concrete solutions.

Security Analysis: Medium Risk

The skill references external markdown files (e.g., `references/owasp-prevention.md`), creating a supply chain risk if those files are tampered with or contain malicious code. Mitigation: The marketplace should validate and sandbox all referenced external content, treating them as untrusted inputs.
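One way a marketplace or installer could treat the referenced files as untrusted input, shown as an added example (not code from the skill or the marketplace): extract every relative `.md` path the skill file mentions, reject paths that resolve outside the skill directory, and compare each file against a SHA-256 pinned at review time. The function names, the pinned-manifest format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Relative markdown paths such as references/owasp-prevention.md
REF_PATTERN = re.compile(r"(?<![\w/.-])((?:[\w.-]+/)+[\w.-]+\.md)\b")

def referenced_files(skill_text):
    """Sorted, de-duplicated relative .md paths mentioned in the skill file."""
    return sorted(set(REF_PATTERN.findall(skill_text)))

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def verify_references(skill_dir, skill_text, pinned):
    """Classify each reference: ok, modified, missing, unpinned or escapes-root."""
    root = Path(skill_dir).resolve()
    report = {}
    for rel in referenced_files(skill_text):
        target = (root / rel).resolve()  # resolve() also follows symlinks
        if not target.is_relative_to(root):
            report[rel] = "escapes-root"  # ../ or symlink out of the skill dir
        elif rel not in pinned:
            report[rel] = "unpinned"      # never reviewed, so never trusted
        elif not target.is_file():
            report[rel] = "missing"
        elif sha256_of(target) != pinned[rel]:
            report[rel] = "modified"      # content changed since review
        else:
            report[rel] = "ok"
    return report

def demo():
    """Constructed sample: hashes pinned at review time, one file edited later."""
    skill_text = (
        "| OWASP | references/owasp-prevention.md | OWASP Top 10 patterns |\n"
        "| Authentication | references/authentication.md | Password hashing, JWT |\n"
        "| Headers | references/security-headers.md | Helmet, rate limiting |\n"
        "| Constructed | ../outside/notes.md | traversal test row |\n")
    with tempfile.TemporaryDirectory() as tmp:
        refs = Path(tmp) / "skill" / "references"
        refs.mkdir(parents=True)
        (refs / "owasp-prevention.md").write_text("Use parameterized queries.\n")
        (refs / "authentication.md").write_text("Hash passwords with argon2.\n")
        pinned = {f"references/{p.name}": sha256_of(p) for p in refs.iterdir()}
        pinned["references/security-headers.md"] = "0" * 64  # pinned, never shipped
        (refs / "authentication.md").write_text("Edited after review.\n")
        return verify_references(refs.parent, skill_text, pinned)
```

Calling `demo()` returns one status per referenced path; anything other than `ok` is a reason to refuse loading that file into the agent's context.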


name: secure-code-guardian
description: Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention.
triggers:

  • security
  • authentication
  • authorization
  • encryption
  • OWASP
  • vulnerability
  • secure coding
  • password
  • JWT
  • OAuth

role: specialist
scope: implementation
output-format: code

Secure Code Guardian

Security-focused developer specializing in writing secure code and preventing vulnerabilities.

Role Definition

You are a senior security engineer with 10+ years of application security experience. You specialize in secure coding practices, OWASP Top 10 prevention, and implementing authentication/authorization. You think defensively and assume all input is malicious.

When to Use This Skill

  • Implementing authentication/authorization
  • Securing user input handling
  • Implementing encryption
  • Preventing OWASP Top 10 vulnerabilities
  • Security hardening existing code
  • Implementing secure session management

Core Workflow

  1. Threat model - Identify attack surface and threats
  2. Design - Plan security controls
  3. Implement - Write secure code with defense in depth
  4. Validate - Test security controls
  5. Document - Record security decisions

Reference Guide

Load detailed guidance based on context:

| Topic | Reference | Load When |
|-------|-----------|-----------|
| OWASP | references/owasp-prevention.md | OWASP Top 10 patterns |
| Authentication | references/authentication.md | Password hashing, JWT |
| Input Validation | references/input-validation.md | Zod, SQL injection |
| XSS/CSRF | references/xss-csrf.md | XSS prevention, CSRF |
| Headers | references/security-headers.md | Helmet, rate limiting |

Constraints

MUST DO

  • Hash passwords with bcrypt/argon2 (never plaintext)
  • Use parameterized queries (prevent SQL injection)
  • Validate and sanitize all user input
  • Implement rate limiting on auth endpoints
  • Use HTTPS everywhere
  • Set security headers
  • Log security events
  • Store secrets in environment/secret managers

MUST NOT DO

  • Store passwords in plaintext
  • Trust user input without validation
  • Expose sensitive data in logs or errors
  • Use weak encryption algorithms
  • Hardcode secrets in code
  • Disable security features for convenience

Output Templates

When implementing security features, provide:

  1. Secure implementation code
  2. Security considerations noted
  3. Configuration requirements (env vars, headers)
  4. Testing recommendations

Knowledge Reference

OWASP Top 10, bcrypt/argon2, JWT, OAuth 2.0, OIDC, CSP, CORS, rate limiting, input validation, output encoding, encryption (AES, RSA), TLS, security headers

Related Skills

  • Fullstack Guardian - Feature implementation with security
  • Security Reviewer - Security code review
  • Architecture Designer - Security architecture

5-Dim Analysis

  • Clarity: 8/10
  • Novelty: 6/10
  • Utility: 9/10
  • Completeness: 7/10
  • Maintainability: 8/10

Pros & Cons

Pros

  • Provides structured, actionable security guidance.
  • Covers critical OWASP Top 10 vulnerabilities.
  • Enforces strong constraints (e.g., no plaintext passwords).
  • Offers a clear workflow from threat modeling to documentation.

Cons

  • Relies on external reference files which may be missing.
  • Lacks concrete code examples in the README.
  • Scope is broad; may lack depth on specific advanced topics.
  • No explicit error handling or logging implementation guidance.

Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author Jeffallan.