AI Agent Skill HUB

security-validation-checklist

Guides security validation checklist: Signal protocol security, encryption standards, authentication patterns, data protection. Use when validating security, reviewing security implementations, or ensuring security compliance.

16 stars
bydiegosouzapw
View on GitHubInstallation ↓

Best use case

security-validation-checklist is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Guides security validation checklist: Signal protocol security, encryption standards, authentication patterns, data protection. Use when validating security, reviewing security implementations, or ensuring security compliance.

Teams using security-validation-checklist should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/security-validation-checklist/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/testing-security/security-validation-checklist/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security-validation-checklist/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security-validation-checklist Compares

Feature / Agentsecurity-validation-checklistStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Guides security validation checklist: Signal protocol security, encryption standards, authentication patterns, data protection. Use when validating security, reviewing security implementations, or ensuring security compliance.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Security Validation Checklist

## Security Components

### Authentication Security
- [ ] Secure authentication implemented (OAuth 2.0)
- [ ] Token security validated
- [ ] Session management secure
- [ ] Password hashing validated (SHA-256)

### Encryption Security
- [ ] Signal protocol encryption validated
- [ ] Key management secure
- [ ] Data encryption at rest
- [ ] Data encryption in transit

### Access Control
- [ ] User authentication required
- [ ] Role-based access control
- [ ] Permission checks in place
- [ ] Data access restrictions enforced

### Privacy Protection
- [ ] Personal data anonymized
- [ ] No PII in logs
- [ ] Secure data storage
- [ ] GDPR compliance verified

## Validation Pattern

```dart
/// Security Validator
/// 
/// Validates security implementations
class SecurityValidator {
  /// Validate authentication security
  Future<SecurityResult> validateAuthenticationSecurity() async {
    // Check password hashing
    final passwordHash = sha256.convert(utf8.encode('test'));
    final isPasswordHashingValid = passwordHash.bytes.length == 32;
    
    // Check session management
    final isSessionManagementValid = await _checkSessionManagement();
    
    // Check token security
    final isTokenSecurityValid = await _checkTokenSecurity();
    
    return SecurityResult(
      isCompliant: isPasswordHashingValid && 
                   isSessionManagementValid && 
                   isTokenSecurityValid,
      details: 'Authentication security validation',
    );
  }
  
  /// Validate encryption security
  Future<SecurityResult> validateEncryptionSecurity() async {
    // Check Signal protocol implementation
    // Check key management
    // Check encryption at rest
    // Check encryption in transit
  }
}
```

## Security Checklist

### Authentication
- [ ] OAuth 2.0 implementation
- [ ] Secure token storage
- [ ] Session expiration
- [ ] Password hashing (SHA-256)

### Encryption
- [ ] Signal protocol validated
- [ ] Key rotation implemented
- [ ] Secure key storage
- [ ] End-to-end encryption

### Access Control
- [ ] Authentication required
- [ ] Role-based permissions
- [ ] Data access restrictions
- [ ] Audit logging

### Privacy
- [ ] Data anonymization
- [ ] No PII in logs
- [ ] Secure storage
- [ ] GDPR compliance

## Reference

- `lib/core/services/security_validator.dart` - Security validation service
- `test/security/` - Security test suite
- `docs/security/` - Security documentation

Related Skills

web-security-testing

16
from diegosouzapw/awesome-omni-skill

Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.

typo3-security

16
from diegosouzapw/awesome-omni-skill

Security hardening checklist and best practices for TYPO3 v13/v14 installations, covering configuration, file permissions, and common vulnerabilities.

telecom-security

16
from diegosouzapw/awesome-omni-skill

Assess telecommunications infrastructure security including VoIP/SIP, SS7/Diameter, cellular networks, SMS-based authentication, and telephony-integrated applications. Identifies vulnerabilities in phone-based verification, call routing, and telecom protocol implementations. Use when auditing SMS 2FA, VoIP systems, IVR applications, or any telephony-dependent security controls.

tauri-security-rules

16
from diegosouzapw/awesome-omni-skill

Security-related rules for Tauri application development.

sqlserver-security

16
from diegosouzapw/awesome-omni-skill

Audits and hardens SQL Server security including login management, permission reviews, TDE encryption, SQL Server Audit configuration, and surface area reduction. Use when performing security reviews, setting up new instances, responding to security incidents, or preparing for compliance audits.

spring-security

16
from diegosouzapw/awesome-omni-skill

Spring Security 6 patterns for authentication, authorization, and OAuth2

solidity-security

16
from diegosouzapw/awesome-omni-skill

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementin...

software-security-appsec

16
from diegosouzapw/awesome-omni-skill

Modern application security patterns aligned with OWASP Top 10 (2021) and OWASP Top 10:2025 Release Candidate, OWASP API Security Top 10 (2023), NIST SSDF, zero trust, supply chain security, authentication, authorization, input validation, and cryptography.

slack-auth-security

16
from diegosouzapw/awesome-omni-skill

OAuth flows, token management, and security best practices for Slack apps. Use when implementing app distribution, multi-workspace installations, token storage and rotation, managing scopes and permissions, or securing production Slack applications.

securitytrails-automation

16
from diegosouzapw/awesome-omni-skill

Automate Securitytrails tasks via Rube MCP (Composio). Always search tools first for current schemas.

security

16
from diegosouzapw/awesome-omni-skill

Use this skill when designing or reviewing systems where security is a concern - authentication, authorization, data protection, input handling, or any system processing untrusted input. Applies adversarial thinking to specifications, designs, and implementations.

security-workflow

16
from diegosouzapw/awesome-omni-skill

Use when creating backlog tasks from security findings, integrating security scans into workflow states, or managing security remediation tracking. Invoked for security workflow integration and task automation.