What security standards does this skill use?

The skill compares your code against industry-standard benchmarks including OWASP ASVS and CIS, providing a hardening scorecard at higher depth levels.

Can it analyze my infrastructure configurations?

Yes, the skill scans for reverse proxy and CDN configurations (like Nginx or AWS ALB) to ensure security headers are correctly managed at the network level.

Which frameworks are supported for security reviews?

It supports a wide range of stacks including Express, Django, FastAPI, Next.js, Spring, Rails, and ASP.NET by identifying framework-specific security middleware.

How does this differ from a standard vulnerability scanner?

While vulnerability scanners find what is currently broken, the Harden skill identifies what could be better—focusing on proactive defense-in-depth measures that reduce the risk of future exploits.

Can I export the hardening suggestions as a document?

Yes, by using the --format md flag, you can generate a structured security hardening report and checklist in Markdown format.

Security Hardener

Name: Security Hardener
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Strengthens application security by identifying and implementing defense-in-depth measures, security headers, and proactive coding patterns.

The Security Hardener skill provides an automated way to enhance the security posture of your codebase beyond simple vulnerability scanning. It analyzes your specific technology stack to recommend missing security headers (like CSP and HSTS), evaluate CORS configurations, audit input validation patterns, and suggest robust rate-limiting and logging strategies. By focusing on reducing the blast radius of potential future vulnerabilities, it helps developers implement industry-standard best practices from OWASP and CIS benchmarks directly within their Claude Code development workflow.

Key Features

01Configurable analysis depth ranging from quick header checks to expert-level security benchmark comparisons

02Comprehensive input validation reviews against schemas like Zod, Joi, or Pydantic

03Identification of missing rate-limiting on sensitive endpoints like authentication and file uploads

04Deep audit of CORS configurations to prevent unauthorized cross-origin resource access

056 GitHub stars

06Automated security header analysis for web applications and reverse proxy configurations

Use Cases

01Preparing a production-ready web application by applying industry-standard security headers and defensive middleware

02Reviewing a legacy codebase to identify and fix information disclosures in error messages and logs

03Strengthening API security by auditing input validation logic and implementing least-privilege access patterns

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code harden

For use in Claude.ai and ChatGPT

Download Skill