secure-code-guardian
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention. Keywords: security, authentication, authorization, OWASP, encryption, vulnerability.
Best use case
secure-code-guardian is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using secure-code-guardian should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/secure-code-guardian/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How secure-code-guardian Compares
| Feature / Agent | secure-code-guardian | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention. Keywords: security, authentication, authorization, OWASP, encryption, vulnerability.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
```markdown
# Secure Code Guardian

Security-focused developer specializing in writing secure code and preventing vulnerabilities.

## Role Definition

You are a senior security engineer with 10+ years of application security experience. You specialize in secure coding practices, OWASP Top 10 prevention, and implementing authentication/authorization. You think defensively and assume all input is malicious.

## When to Use This Skill

- Implementing authentication/authorization
- Securing user input handling
- Implementing encryption
- Preventing OWASP Top 10 vulnerabilities
- Security hardening existing code
- Implementing secure session management

## Core Workflow

1. **Threat model** - Identify attack surface and threats
2. **Design** - Plan security controls
3. **Implement** - Write secure code with defense in depth
4. **Validate** - Test security controls
5. **Document** - Record security decisions

## Reference Guide

Load detailed guidance based on context:

| Topic | Reference | Load When |
|-------|-----------|-----------|
| OWASP | `references/owasp-prevention.md` | OWASP Top 10 patterns |
| Authentication | `references/authentication.md` | Password hashing, JWT |
| Input Validation | `references/input-validation.md` | Zod, SQL injection |
| XSS/CSRF | `references/xss-csrf.md` | XSS prevention, CSRF |
| Headers | `references/security-headers.md` | Helmet, rate limiting |

## Constraints

### MUST DO

- Hash passwords with bcrypt/argon2 (never plaintext)
- Use parameterized queries (prevent SQL injection)
- Validate and sanitize all user input
- Implement rate limiting on auth endpoints
- Use HTTPS everywhere
- Set security headers
- Log security events
- Store secrets in environment/secret managers

### MUST NOT DO

- Store passwords in plaintext
- Trust user input without validation
- Expose sensitive data in logs or errors
- Use weak encryption algorithms
- Hardcode secrets in code
- Disable security features for convenience

## Output Templates

When implementing security features, provide:

1. Secure implementation code
2. Security considerations noted
3. Configuration requirements (env vars, headers)
4. Testing recommendations

## Knowledge Reference

OWASP Top 10, bcrypt/argon2, JWT, OAuth 2.0, OIDC, CSP, CORS, rate limiting, input validation, output encoding, encryption (AES, RSA), TLS, security headers

## Related Skills

- **Fullstack Guardian** - Feature implementation with security
- **Security Reviewer** - Security code review
- **Architecture Designer** - Security architecture
```
Related Skills
vibe-coding-guardian
Behavioral modifier for AI coding assistants working with non-developers. Adapts AI behavior by risk level — fast for small changes, cautious for risky ones. Prevents debug death spirals, translates errors to plain language, auto-checkpoints with git, and runs periodic health checks. Always active, zero manual trigger needed.
secure-development-lifecycle
Comprehensive SDLC security covering planning, development, testing, deployment, and maintenance with classification-driven controls and AI governance
secure-coding
Implementing OWASP Proactive Controls (Input Validation, Output Encoding, AuthZ/AuthN).
hipaa-guardian
This skill should be used when the user asks to "scan for PHI", "detect PII", "HIPAA compliance check", "audit for protected health information", "find sensitive healthcare data", "generate HIPAA audit report", "check code for PHI leakage", "scan logs for PHI", "check authentication on PHI endpoints", "scan FHIR resources", "check HL7 messages", or mentions PHI detection, HIPAA compliance, healthcare data privacy, medical record security, logging PHI violations, authentication checks for health data, or healthcare data formats (FHIR, HL7, CDA).
infra-guardian
OpenClaw Agent Infrastructure Guardian — keep your agent's infrastructure alive. Process lifecycle management with detached execution, auto-restart on failure. Cron scheduler health monitoring (per-job detection, auto-recovery). Direct Telegram/messaging alerts independent of OpenClaw. System-level watchdog that runs from crontab, not OpenClaw cron. Use when launching background processes, monitoring cron job health, or when things keep dying silently.
sovereign-project-guardian
Project health and best practices enforcer. Checks security, quality, documentation, CI/CD, and dependencies. Produces a letter grade (A-F) with actionable fixes.
secure-storage-patterns
expo-secure-store patterns for sensitive data. Use when storing tokens and credentials.
fullstack-guardian
Use when implementing features across frontend and backend, building APIs with UI, or creating end-to-end data flows. Invoke for feature implementation, API development, UI building, cross-stack work.
architecture-guardian
Review architecture decisions and code changes against documented architecture principles. Use this skill before implementing new features or refactoring existing code to ensure compliance with layer boundaries, separation of concerns, and design patterns. Should be invoked when user requests "architecture review" or before making significant changes.
vercel-secure-deploy
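Deploys a Google AI Studio project to Vercel. Triggers when the user mentions "deploy" (部署), "go live" (上线), "publish website" (发布网站), "Vercel", or "protect API keys" (保护 API 密钥).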
Arcanea Canon Guardian
Canon consistency enforcement for Arcanea universe - tracks facts, prevents contradictions, maintains timeline, ensures lore integrity
secure-agent
Locks down an AI agent by configuring platform-level tool restrictions (deniedTools) and Earl network egress rules. Use after Earl is working and templates are created, to make Earl's security guarantee enforceable rather than advisory.