What security standards are included?

The skill is modeled after the OWASP Top 10 vulnerabilities, covering critical areas like Injection, Sensitive Data Exposure, and Broken Access Control.

Does this skill help with database security?

It provides standardized patterns for parameterized queries, ensuring that user input is never directly interpolated into SQL strings, which prevents SQL injection.

Can it protect against path traversal attacks?

Yes, it includes specific implementation patterns using Python's pathlib to resolve absolute paths and verify that file operations stay within authorized directories.

How does this skill prevent API key leakage?

The skill enforces the use of environment variables via .env files, provides .gitignore templates, and includes patterns to mask sensitive keys in application logs.

Security Design Patterns

Name: Security Design Patterns
Author: akaszubski

byakaszubski

•

Security & Testing

Implements production-grade security best practices, secret management protocols, and input validation patterns to harden your codebase.

The Security Patterns skill equips Claude with a robust framework for implementing industry-standard security protocols throughout the development lifecycle. It provides specific guidance on preventing OWASP Top 10 vulnerabilities, including SQL injection, path traversal, and command injection. By automating the setup of secure environment variables, file permissions, and cryptographically secure operations, this skill ensures that autonomous development remains safe and compliant. It is particularly useful for projects involving sensitive API keys, user-generated content, or complex file system operations.

Key Features

01Restricted file system permissions and upload validation

0210 GitHub stars

03Secure environment variable and API key management

04Parameterized SQL query patterns to stop injection attacks

05Cryptographically secure token generation and password hashing

06Automated path traversal and command injection prevention

Use Cases

01Securing API integrations and preventing secret leakage in logs

02Hardening application architecture against common web vulnerabilities

03Validating untrusted user input and file paths in backend services

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add akaszubski/autonomous-dev security-patterns

For use in Claude.ai and ChatGPT

Download Skill