abzhaw/api-security
.agent/skills/api-security/SKILL.md
Auth patterns, rate limiting, input validation, CORS, HTTPS. Use when securing Julia's backend API, bridge, or any HTTP endpoint.
development
Updated Mar 27, 2026
$ install --global
skillsauthnpx skillsauth add abzhaw/juliaz_agents api-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 30, 2026, 11:47 AM57.1s1 file scanned
SKILL.md
- name:
- api-security
- description:
- Auth patterns, rate limiting, input validation, CORS, HTTPS. Use when securing Julia's backend API, bridge, or any HTTP endpoint.
API Security
Input Validation (Zod)
import { z } from 'zod';
const CreateTaskSchema = z.object({
title: z.string().min(1).max(500).trim(),
priority: z.enum(['low', 'medium', 'high']).default('medium'),
});
app.post('/tasks', (req, res) => {
const result = CreateTaskSchema.safeParse(req.body);
if (!result.success) return res.status(400).json({ error: result.error.flatten() });
// use result.data — fully typed and validated
});
Rate Limiting
import rateLimit from 'express-rate-limit';
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100,
message: { error: 'Too many requests' }
});
app.use('/api', limiter);
CORS
import cors from 'cors';
app.use(cors({
origin: ['http://localhost:3002'], // only allow frontend
methods: ['GET', 'POST', 'PATCH', 'DELETE'],
credentials: true,
}));
API Key Auth (simple internal services)
const API_KEY = process.env.INTERNAL_API_KEY;
function requireApiKey(req: Request, res: Response, next: NextFunction) {
if (req.headers['x-api-key'] !== API_KEY) {
return res.status(401).json({ error: 'Unauthorized' });
}
next();
}
app.use('/api', requireApiKey);
Security Headers
import helmet from 'helmet';
app.use(helmet()); // sets X-Frame-Options, CSP, HSTS, etc.
Julia's Security Surface
- Backend (port 3000): Docker-internal only, not exposed to internet
- Bridge (port 3001): localhost only, no auth (internal)
- Frontend (port 3002): public if forwarded, add auth if needed
- cowork-mcp (port 3003): localhost only
Related Skills
abzhaw/thesis-tracker
development
VerifiedTrustedCommunity
Fortschrittsverfolgung der Masterarbeit. Wortanzahl pro Kapitel, Fertigstellungsgrad, fehlende Elemente, Deadlines. Haelt den Ueberblick.
SKILL.mdUpdated Mar 27, 2026
abzhaw/thesis-structure
development
VerifiedTrustedCommunity
Kapitelarchitektur und Gliederung der Masterarbeit. Verwaltet die Struktur, schlaegt vor wo Inhalte hingehoeren, validiert den logischen Fluss zwischen Kapiteln.
SKILL.mdUpdated Mar 27, 2026
abzhaw/session-synthesizer
tools
VerifiedTrustedCommunity
Konvertiert Protokolleinträge und Session-Logs in thesis-fähiges deutsches Narrativ. Transformiert Entwicklungsdokumentation in akademische Prosa.
SKILL.mdUpdated Mar 27, 2026
abzhaw/research-scout
research
VerifiedTrustedCommunity
Sucht und analysiert akademische Literatur. Findet relevante Papers, erstellt strukturierte Zusammenfassungen. Zitiert NIEMALS — schlaegt nur vor.
SKILL.mdUpdated Mar 27, 2026