Can this skill help with command-line tool security?

Yes, it includes specific implementation guides for the OAuth 2.0 Device Authorization Flow, which is the standard for securing CLI, TUI, and desktop applications.

What languages does Security Core support?

Security Core provides specialized security guidance, implementation patterns, and middleware templates for TypeScript (Node.js), Python (FastAPI), and Rust (Axum).

Does it include automated security scanning?

The skill includes the audit_security.sh script which runs dependency vulnerability scanners like npm audit, pip-audit, and cargo-audit, while also checking for hardcoded secrets.

How does it handle database-level security?

It provides comprehensive patterns for Row Level Security (RLS) specifically for Supabase and PostgreSQL to ensure strict data isolation in multi-tenant environments.

Does it cover modern web vulnerabilities?

Yes, it is aligned with the OWASP Top 10, providing actionable prevention guides for risks like Injection, XSS, CSRF, and Broken Access Control.

Security Core

Name: Security Core
Author: aaronbassett

byaaronbassett

0•

Security & Testing

Implements comprehensive application security layers including robust authentication, granular authorization, and OWASP-compliant hardening for modern software stacks.

Security Core serves as a specialized security engineering companion for Claude Code, providing the necessary guidance to build, audit, and harden applications in TypeScript, Python, and Rust. It offers a deep repository of implementation patterns for complex scenarios like OAuth Device Flows for CLI tools and multi-tenant Row Level Security (RLS) for Supabase. By combining automated auditing scripts with detailed checklists for the OWASP Top 10, secrets management, and security headers, this skill ensures that security is integrated into every stage of the development lifecycle rather than being an afterthought.

Key Features

01Comprehensive authorization models featuring RBAC, ABAC, and Supabase RLS

02Advanced authentication patterns including JWT, OAuth2, and MFA

03Automated security auditing and dependency vulnerability scanning scripts

04Detailed OWASP Top 10 mitigation strategies and code review checklists

05Production-ready security middleware templates for Express, FastAPI, and Axum

060 GitHub stars

Use Cases

01Hardening multi-tenant SaaS applications using PostgreSQL Row Level Security

02Implementing secure OAuth 2.0 Device Flows for CLI or desktop applications

03Conducting automated security audits to detect secrets and vulnerable dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add aaronbassett/aaronbassett-marketplace security-core

For use in Claude.ai and ChatGPT

Download Skill