Agent skill
security-practices
Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/development/security-practices
SKILL.md
security-practices
Quick Start
- All secrets in environment variables (never in config files)
- Validate inputs at system boundaries
- Sanitize error responses (no stack traces in production)
- Use HTTPS for all external connections
Key Principles
- Environment variables for all secrets
- SSRF prevention (block internal IP ranges)
- Development vs Production mode separation
- Rigorous input validation
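The "block internal IP ranges" principle, shown as an added example that is not part of this skill's own files: a pre-flight check that resolves the destination and rejects any URL whose host maps to a non-public address. The function names, the constructed DNS table and the example hostnames are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # matches "Use HTTPS for all external connections"

def is_public_ip(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return ip.is_global and not ip.is_multicast

def system_resolver(host: str, port: int) -> list:
    """Resolve host to every address the OS would offer for a TCP connect."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_outbound_url(url: str, resolver=system_resolver) -> list:
    """Return the vetted IPs for url, or raise ValueError if it is not allowed."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password or not parts.hostname:
        raise ValueError("URL must have a host and no embedded credentials")
    addrs = resolver(parts.hostname, parts.port or 443)
    if not addrs:
        raise ValueError("host did not resolve")
    blocked = [a for a in addrs if not is_public_ip(a)]
    if blocked:  # one internal answer is enough to reject the whole URL
        raise ValueError(f"host resolves to non-public address: {blocked}")
    return addrs  # connect to these IPs, not to a fresh lookup of the name

# Constructed DNS answers so the example runs offline (assumption, not real data).
CONSTRUCTED_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.example.net": ["169.254.169.254"],         # link-local metadata range
    "mixed.example.net": ["93.184.216.34", "10.0.0.5"],  # public plus internal
    "127.0.0.1": ["127.0.0.1"],                          # literal loopback host
}

def constructed_resolver(host: str, port: int) -> list:
    return CONSTRUCTED_DNS.get(host, [])

def is_allowed(url: str) -> bool:
    try:
        return bool(check_outbound_url(url, constructed_resolver))
    except ValueError:
        return False
```

Checking the resolved addresses rather than the hostname string is what catches names that point at internal ranges. If the HTTP client follows redirects, each hop needs the same check.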
References
See rules.md for complete conventions.