Does this skill detect vulnerabilities automatically?

No, this skill is specifically for remediation. To detect vulnerabilities, you should use the vulnerability-patterns skill.

Which programming languages are covered?

The skill provides secure implementation patterns for Python, Java, JavaScript (Node.js), and PHP.

How does it help with secret management?

It provides code examples for moving away from hardcoded credentials toward environment variables, configuration files, and secret managers like AWS Secrets Manager or HashiCorp Vault.

What security standards does this skill follow?

The remediation patterns are aligned with OWASP Application Security Verification Standard (ASVS) requirements and industry best practices.

Authentication Security Remediation

Name: Authentication Security Remediation
Author: Zate

byZate

0•

Security & Testing

Provides language-specific patterns and secure implementations for fixing authentication and authorization vulnerabilities in codebases.

The remediation-auth skill equips developers with actionable fix patterns for critical security issues involving hardcoded credentials, insecure JWT configurations, unsafe deserialization, and missing access controls. It serves as a specialized guide within Claude Code, offering secure implementation examples for multiple languages like Python, Java, and Node.js to ensure codebases meet OWASP ASVS standards. This skill is ideal for security audits, remediation sprints, and integrating secure-by-default practices into the software development lifecycle.

Key Features

01Mitigates unsafe deserialization risks using JSON and safe loaders

02Provides cross-language support for Python, JavaScript, Java, and PHP

03Implements robust access control via middleware, decorators, and ownership checks

04Fixes hardcoded secrets by migrating to environment variables and secret managers

05Secures JWT implementations with explicit algorithm enforcement and strong keys

060 GitHub stars

Use Cases

01Refactoring legacy code to remove hardcoded API keys and database passwords

02Hardening JWT-based authentication after a security audit identifies weak configurations

03Adding granular authorization checks to API endpoints to prevent unauthorized data access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zate/cc-plugins remediation-auth

For use in Claude.ai and ChatGPT

Download Skill