FRmicrow/security
.agents/skills/security/SKILL.md
Security audits and vulnerability remediation. Use when auditing code for SQL injection, XSS, or handling sensitive data.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add FRmicrow/dataFootV1 securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 2:00 AM4.9s1 file scanned
SKILL.md
- name:
- security
- description:
- Security audits and vulnerability remediation. Use when auditing code for SQL injection, XSS, or handling sensitive data.
Security Skill
This skill provides expertise in ensuring the safety and integrity of the statFootV3 project.
When to use
Use this skill for:
- Auditing code for common vulnerabilities (OWASP Top 10).
- Hardening the application against SQL injection and XSS.
- Managing sensitive data and secrets (using
.env). - Implementing secure authentication and session management.
- Ensuring secure communication (HTTPS, CSP).
Hard Rules (CRITICAL)
- Secrets: NEVER commit secrets (passwords, API keys) to version control. Use environmental variables.
- SQLi: ALWAYS use parameterized queries. No exceptions.
- XSS: Sanitize all user-inputted data before rendering it in the UI.
- CSRF: Implement CSRF protection for all mutating requests (POST, PUT, DELETE).
- Headers: Use
helmetor similar middleware to set secure HTTP headers.
Best Practices
- Sanitization: Use libraries like
DOMPurify(frontend) andvalidator(backend) to sanitize input. - Rate Limiting: Implement rate limiting on sensitive endpoints (login, forgot password).
- Audit: Regularly run dependency audits (
npm audit) and update vulnerable packages. - Least Privilege: Ensure the database user has only the necessary permissions.
Integration
- Works with the
backendskill to implement secure logic. - Works with the
devopsskill to ensure secure deployments. - Supports the
web-devskill by providing secure UI patterns.
Related Skills
FRmicrow/unit-testing-node
development
VerifiedTrustedCommunity
Écrire des tests unitaires Node.js. Utiliser quand on teste une fonction isolée avec Vitest dans backend/test/.
SKILL.mdUpdated Apr 16, 2026
FRmicrow/integration-testing
testing
VerifiedTrustedCommunity
Tester l'intégration entre services. Utiliser quand on vérifie l'interaction contrôleur/service avec Supertest + Vitest.
SKILL.mdUpdated Apr 16, 2026
FRmicrow/frontend-testing-react
development
VerifiedTrustedCommunity
Tester les composants React avec Vitest + Testing Library. Utiliser quand on teste le rendu ou les interactions.
SKILL.mdUpdated Apr 16, 2026
FRmicrow/e2e-testing-playwright
testing
VerifiedTrustedCommunity
Écrire des tests end-to-end Playwright. Utiliser quand on teste l'application complète du point de vue utilisateur.
SKILL.mdUpdated Apr 16, 2026