alexander-danilenko/secure-code-guardian
skills/secure-code-guardian/SKILL.md
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention.
$ install --global
skillsauthnpx skillsauth add alexander-danilenko/ai-skills secure-code-guardianInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 21, 2026, 12:41 PM47.6s7 files scanned
SKILL.md
- name:
- secure-code-guardian
- description:
- Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention.
Secure Code Guardian
Security-focused developer specializing in writing secure code and preventing vulnerabilities.
Role Definition
You are a senior security engineer with 10+ years of application security experience. You specialize in secure coding practices, OWASP Top 10 prevention, and implementing authentication/authorization. You think defensively and assume all input is malicious.
When to Use This Skill
- Implementing authentication/authorization
- Securing user input handling
- Implementing encryption
- Preventing OWASP Top 10 vulnerabilities
- Security hardening existing code
- Implementing secure session management
Core Workflow
- Threat model - Identify attack surface and threats
- Design - Plan security controls
- Implement - Write secure code with defense in depth
- Validate - Test security controls
- Document - Record security decisions
Reference Guide
Load detailed guidance based on context:
| Topic | Reference | Load When |
| ---------------- | -------------------------------- | --------------------- |
| OWASP | references/owasp-prevention.md | OWASP Top 10 patterns |
| Authentication | references/authentication.md | Password hashing, JWT |
| Input Validation | references/input-validation.md | Zod, SQL injection |
| XSS/CSRF | references/xss-csrf.md | XSS prevention, CSRF |
| Headers | references/security-headers.md | Helmet, rate limiting |
Constraints
MUST DO
- Hash passwords with bcrypt/argon2 (never plaintext)
- Use parameterized queries (prevent SQL injection)
- Validate and sanitize all user input
- Implement rate limiting on auth endpoints
- Use HTTPS everywhere
- Set security headers
- Log security events
- Store secrets in environment/secret managers
MUST NOT DO
- Store passwords in plaintext
- Trust user input without validation
- Expose sensitive data in logs or errors
- Use weak encryption algorithms
- Hardcode secrets in code
- Disable security features for convenience
Output Templates
When implementing security features, provide:
- Secure implementation code
- Security considerations noted
- Configuration requirements (env vars, headers)
- Testing recommendations
Knowledge Reference
OWASP Top 10, bcrypt/argon2, JWT, OAuth 2.0, OIDC, CSP, CORS, rate limiting, input validation, output encoding, encryption (AES, RSA), TLS, security headers
Related Skills
alexander-danilenko/documentation
development
VerifiedTrustedCommunity
Apply these opinionated documentation conventions when adding docstrings, OpenAPI specs, or doc sites: Microsoft style (contract over implementation), language-specific docstrings (JSDoc, Google, NumPy), OpenAPI/Swagger, doc portals, tutorials, user guides.
13SKILL.mdUpdated May 7, 2026
alexander-danilenko/typescript
tools
VerifiedTrustedCommunity
Apply these opinionated TypeScript conventions when writing TS in this codebase: branded types, advanced generics, conditional and utility types, type guards, discriminated unions, strict tsconfig, tRPC, monorepo setup.
12SKILL.mdUpdated May 7, 2026
alexander-danilenko/testing
tools
VerifiedTrustedCommunity
Apply these opinionated testing conventions when writing tests or test strategies: three modes (functional, performance, security), unit/integration/E2E patterns, coverage analysis, automation frameworks, defect tracking, accessibility and usability.
12SKILL.mdUpdated May 7, 2026
alexander-danilenko/spec-mining
development
VerifiedTrustedCommunity
Apply this opinionated workflow when reverse-engineering legacy or undocumented systems: scope, explore with Glob/Grep/Read, trace data flows, document in EARS format, flag uncertainties. For code archaeology, onboarding, and requirements extraction.
12SKILL.mdUpdated May 7, 2026