Agent skill
hootsuite-security-basics
Apply Hootsuite security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Hootsuite security configuration. Trigger with phrases like "hootsuite security", "hootsuite secrets", "secure hootsuite", "hootsuite API key security".
Install this agent skill to your Project
npx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/tree/main/plugins/saas-packs/hootsuite-pack/skills/hootsuite-security-basics
SKILL.md
Hootsuite Security Basics
Credential Inventory
| Credential | Scope | Rotation |
|---|---|---|
| Client ID | App-level | Never (app identifier) |
| Client Secret | App-level | Rotate if compromised |
| Access Token | User session | Auto-expires (~1 hour) |
| Refresh Token | User session | Rotate on each refresh |
Instructions
Step 1: Secure Token Storage
```bash
# .env (never commit)
HOOTSUITE_CLIENT_ID=app_client_id
HOOTSUITE_CLIENT_SECRET=app_secret
HOOTSUITE_ACCESS_TOKEN=current_token
HOOTSUITE_REFRESH_TOKEN=refresh_token
```
Step 2: Token Refresh Security
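```typescript
// Always use HTTPS for token exchange
// Store refresh tokens encrypted at rest
// Rotate refresh tokens on each use (Hootsuite returns new ones)
async function secureRefresh(refreshToken: string) {
  const { HOOTSUITE_CLIENT_ID, HOOTSUITE_CLIENT_SECRET } = process.env;
  if (!HOOTSUITE_CLIENT_ID || !HOOTSUITE_CLIENT_SECRET) {
    throw new Error('Hootsuite client credentials are not configured');
  }
  // HTTP Basic auth: base64("client_id:client_secret")
  const basic = Buffer.from(`${HOOTSUITE_CLIENT_ID}:${HOOTSUITE_CLIENT_SECRET}`).toString('base64');
  const res = await fetch('https://platform.hootsuite.com/oauth2/token', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      'Authorization': `Basic ${basic}`,
    },
    body: new URLSearchParams({ grant_type: 'refresh_token', refresh_token: refreshToken }),
  });
  if (!res.ok) {
    // Report only the status; the response body and tokens must not reach logs
    throw new Error(`Token refresh failed with HTTP ${res.status}`);
  }
  const tokens = await res.json();
  // Store new refresh_token, discard old one
  return tokens;
}
```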
Step 3: Security Checklist
- Client secret in secrets vault, never in code
- Access tokens never logged or exposed
- Refresh tokens stored encrypted
- HTTPS for all OAuth requests
- Pre-commit hook blocks `HOOTSUITE_` credential leaks
- Separate OAuth apps for dev/staging/prod
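
One way to implement the pre-commit check from the checklist, as an added example that is not part of the original skill: it scans a staged unified diff for the secret-bearing variable names from Step 1 being assigned literal values. The function name, the placeholder patterns and the sample diff are assumptions made for illustration.

```typescript
// Added example: scan a staged unified diff for committed Hootsuite secrets.
interface Leak { file: string; line: number; name: string }

// Matches the page's secret-bearing names (HOOTSUITE_CLIENT_SECRET,
// HOOTSUITE_ACCESS_TOKEN, HOOTSUITE_REFRESH_TOKEN) when assigned a value.
const ASSIGNMENT = /\b(HOOTSUITE_[A-Z0-9_]*(?:SECRET|TOKEN))\b\s*[:=]\s*["']?([^\s"',;]*)/;
// Assumption: these value shapes are placeholders and safe to commit.
const PLACEHOLDER = /^(|<.*>|\$\{.*\}|process\.env\..*|changeme)$/i;

function findHootsuiteLeaks(diff: string): Leak[] {
  const leaks: Leak[] = [];
  let file = '';
  let line = 0;        // line number in the new version of the file
  let inHunk = false;  // '+++' is a file header only outside a hunk
  for (const raw of diff.split('\n')) {
    if (/^diff --git /.test(raw)) {
      inHunk = false;
    } else if (!inHunk && /^\+\+\+ /.test(raw)) {
      file = raw.slice(4).replace(/^b\//, '');
    } else if (/^@@/.test(raw)) {
      const m = /^@@ -\d+(?:,\d+)? \+(\d+)/.exec(raw);
      line = m ? Number(m[1]) : 0;
      inHunk = true;
    } else if (inHunk && /^\+/.test(raw)) {
      const m = ASSIGNMENT.exec(raw.slice(1));
      if (m && !PLACEHOLDER.test(m[2])) {
        leaks.push({ file, line, name: m[1] }); // report the name, never the value
      }
      line++;
    } else if (inHunk && /^ /.test(raw)) {
      line++; // context lines also advance the new-file line number
    }
  }
  return leaks;
}

// Constructed sample diff; the token value is fake.
const SAMPLE_DIFF = [
  'diff --git a/.env.example b/.env.example',
  '+++ b/.env.example',
  '@@ -0,0 +1 @@',
  '+HOOTSUITE_CLIENT_SECRET=<your-client-secret>',
  'diff --git a/src/config.ts b/src/config.ts',
  '+++ b/src/config.ts',
  '@@ -10,2 +10,4 @@',
  ' const region = "us";',
  '+const HOOTSUITE_ACCESS_TOKEN = "CONSTRUCTED-not-a-real-token";',
  '+const secret = process.env.HOOTSUITE_CLIENT_SECRET;',
].join('\n');
```

In a hook, pass the function the output of `git diff --cached -U0` and exit non-zero when the returned list is not empty. The placeholder values in the Step 1 `.env` sample would be reported, since the scanner only accepts the placeholder shapes listed above.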
Resources
Next Steps
For production, see hootsuite-prod-checklist.