How does this skill handle sensitive credentials?

It advocates for a strict hierarchy of secrets management, ranging from environment variables to dedicated secrets managers like AWS Secrets Manager or Vault, while explicitly preventing hard-coded secrets in source control.

What security vulnerabilities does this skill address?

This skill helps prevent common vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Broken Access Control, and improper secrets management by providing standardized, secure-by-default code patterns.

Can I use these patterns for languages other than Python?

Yes. While the code examples provided are in Python, the underlying security principles—such as allowlist validation, context-aware encoding, and the principle of least privilege—apply to all programming languages and frameworks.

Does it include guidance for modern web security headers?

Yes, it includes patterns for implementing Content Security Policy (CSP) and secure cookie flags like HttpOnly, Secure, and SameSite to harden web applications against client-side attacks.

Secure Coding Practices

Name: Secure Coding Practices
Author: AeyeOps

byAeyeOps

0•

Security & Testing

Implements robust security patterns including input validation, secrets management, and secure authentication to protect applications from common vulnerabilities.

This skill equips Claude with specialized knowledge and implementation patterns for building secure software, focusing on critical areas such as OWASP-aligned input validation, output encoding to prevent XSS, and modern authentication strategies. It provides developers with ready-to-use templates for managing sensitive credentials, implementing role-based access control (RBAC), and applying secure defaults across the entire development lifecycle. Whether you are building a new API or reviewing existing code, this skill ensures your application adheres to high-security standards and industry best practices for data protection and threat mitigation.

Key Features

01Resource-level authorization and role-based access control (RBAC)

02Standardized authentication implementation using Bcrypt and JWT

03Secure secrets management workflows to prevent credential exposure

040 GitHub stars

05Comprehensive input validation for system boundaries and file uploads

06Context-aware output encoding patterns to mitigate XSS and injection

Use Cases

01Securing web application endpoints against malicious user input and injection attacks

02Auditing existing codebases for hard-coded secrets and insecure default configurations

03Setting up industry-standard authentication and session management for new services

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add aeyeops/aeo-skill-marketplace secure-coding

For use in Claude.ai and ChatGPT

Download Skill