Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

alti3/litestar-security

Name: litestar-security
Author: alti3

plugins/litestar/skills/litestar-security/SKILL.md

npx skillsauth add alti3/litestar-skills litestar-security

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Security

Use this skill when a Litestar service needs defense-in-depth security implementation, not only authentication wiring.

For full implementation patterns, open references/security-patterns.md.

Execution Workflow

Define public, authenticated, and privileged route classes first.
Choose the authentication mechanism and attach it once at app scope.
Keep request parsing concerns separate from identity establishment.
Consume authenticated context from request.user / request.auth only after auth runs.
Apply guards for authorization and ownership checks.
Normalize 401 and 403 behavior intentionally and document exclusions.
Store and compare secrets safely.

Implementation Rules

Keep authentication separate from authorization.
Parse client inputs with litestar-requests; do not re-parse headers or cookies manually inside guards unless the protocol truly requires it.
Treat request.user and request.auth as authenticated context, not as generic request-parsing helpers.
Prefer built-in security backends before custom middleware.
Keep guard functions deterministic and side-effect free.
Make exclusion rules narrow, explicit, and tested.
Use NotAuthorizedException for identity failures and PermissionDeniedException for insufficient privileges unless the project has a documented alternative contract.
Keep secrets in SecretString / SecretBytes and compare them with constant-time primitives when relevant.

Decision Guide

Use litestar-authentication when the task is mostly identity establishment and token/session flow wiring.
Use this skill when auth, authorization, secret handling, exclusion rules, and failure behavior must be reviewed together.
Use guards when policy depends on authenticated context plus route intent.
Use route opt and exclude_opt_key only when public-route exceptions are deliberate and auditable.

Validation Checklist

Confirm unauthenticated requests receive the intended 401 behavior.
Confirm insufficient privileges receive the intended 403 behavior.
Confirm guards accumulate across Litestar layers where expected.
Confirm public-route exclusions are minimal and explicit.
Confirm secrets never appear in logs, repr output, or error payloads.
Confirm request parsing and auth context responsibilities stay separate.
Confirm tests cover missing credentials, invalid credentials, expired or revoked tokens, and insufficient permissions.

Cross-Skill Handoffs

Use litestar-authentication when the task is narrow and auth-only.
Use litestar-requests for request parsing, secret-bearing headers/body parameters, and multipart/form transport rules.
Use litestar-exception-handling to standardize 401 and 403 response contracts.
Use litestar-testing for auth boundary, guard, exclusion, and regression tests.
Use litestar-openapi to publish security schemes and auth docs for clients.

Litestar References

https://docs.litestar.dev/latest/usage/security/index.html
https://docs.litestar.dev/latest/usage/security/abstract-authentication-middleware.html
https://docs.litestar.dev/latest/usage/security/security-backends.html
https://docs.litestar.dev/latest/usage/security/guards.html
https://docs.litestar.dev/latest/usage/security/excluding-and-including-endpoints.html
https://docs.litestar.dev/latest/usage/security/jwt.html
https://docs.litestar.dev/latest/usage/security/secret-datastructures.html

alti3/litestar-security

plugins/litestar/skills/litestar-security/SKILL.md

Build secure Litestar APIs using authentication middleware, built-in security backends, guards, endpoint inclusion and exclusion controls, JWT validation, request-boundary discipline, and secret-safe data handling. Use when implementing or auditing end-to-end API security controls in Litestar. Do not use for generic request parsing, unrelated business logic, or non-security transport concerns.

5 stars

development

Updated Apr 3, 2026

$ install --global

skillsauth

npx skillsauth add alti3/litestar-skills litestar-security

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 20, 2026, 3:21 PM1.8s1 file scanned

SKILL.md

name:: litestar-security
description:: Build secure Litestar APIs using authentication middleware, built-in security backends, guards, endpoint inclusion and exclusion controls, JWT validation, request-boundary discipline, and secret-safe data handling. Use when implementing or auditing end-to-end API security controls in Litestar. Do not use for generic request parsing, unrelated business logic, or non-security transport concerns.

Security

Use this skill when a Litestar service needs defense-in-depth security implementation, not only authentication wiring.

For full implementation patterns, open references/security-patterns.md.

Execution Workflow

Define public, authenticated, and privileged route classes first.
Choose the authentication mechanism and attach it once at app scope.
Keep request parsing concerns separate from identity establishment.
Consume authenticated context from request.user / request.auth only after auth runs.
Apply guards for authorization and ownership checks.
Normalize 401 and 403 behavior intentionally and document exclusions.
Store and compare secrets safely.

Implementation Rules

Keep authentication separate from authorization.
Parse client inputs with litestar-requests; do not re-parse headers or cookies manually inside guards unless the protocol truly requires it.
Treat request.user and request.auth as authenticated context, not as generic request-parsing helpers.
Prefer built-in security backends before custom middleware.
Keep guard functions deterministic and side-effect free.
Make exclusion rules narrow, explicit, and tested.
Use NotAuthorizedException for identity failures and PermissionDeniedException for insufficient privileges unless the project has a documented alternative contract.
Keep secrets in SecretString / SecretBytes and compare them with constant-time primitives when relevant.

Decision Guide

Use litestar-authentication when the task is mostly identity establishment and token/session flow wiring.
Use this skill when auth, authorization, secret handling, exclusion rules, and failure behavior must be reviewed together.
Use guards when policy depends on authenticated context plus route intent.
Use route opt and exclude_opt_key only when public-route exceptions are deliberate and auditable.

Validation Checklist

Confirm unauthenticated requests receive the intended 401 behavior.
Confirm insufficient privileges receive the intended 403 behavior.
Confirm guards accumulate across Litestar layers where expected.
Confirm public-route exclusions are minimal and explicit.
Confirm secrets never appear in logs, repr output, or error payloads.
Confirm request parsing and auth context responsibilities stay separate.
Confirm tests cover missing credentials, invalid credentials, expired or revoked tokens, and insufficient permissions.

Cross-Skill Handoffs

Use litestar-authentication when the task is narrow and auth-only.
Use litestar-requests for request parsing, secret-bearing headers/body parameters, and multipart/form transport rules.
Use litestar-exception-handling to standardize 401 and 403 response contracts.
Use litestar-testing for auth boundary, guard, exclusion, and regression tests.
Use litestar-openapi to publish security schemes and auth docs for clients.

Litestar References

https://docs.litestar.dev/latest/usage/security/index.html
https://docs.litestar.dev/latest/usage/security/abstract-authentication-middleware.html
https://docs.litestar.dev/latest/usage/security/security-backends.html
https://docs.litestar.dev/latest/usage/security/guards.html
https://docs.litestar.dev/latest/usage/security/excluding-and-including-endpoints.html
https://docs.litestar.dev/latest/usage/security/jwt.html
https://docs.litestar.dev/latest/usage/security/secret-datastructures.html

Related Skills

alti3/litestar-websockets

development

VerifiedTrustedCommunity

Build Litestar WebSocket endpoints with low-level websocket handlers, websocket listeners, websocket streams, dependency injection, custom websocket classes, transport-mode control, and graceful connection lifecycle handling. Use when implementing bidirectional real-time communication, reactive websocket message handling, or proactive server push over WebSockets. Do not use for server-side pub/sub fanout that is better expressed with channels alone.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-websockets

alti3/litestar-testing

tools

VerifiedTrustedCommunity

Test Litestar applications with TestClient, AsyncTestClient, create_test_client, websocket test helpers, dependency overrides, mocked dependencies, lifecycle-aware fixtures, and deterministic success and failure assertions. Use when adding or fixing Litestar test coverage, including exception contracts, override precedence, websocket behavior, event-bus side effects, or live-server-only response patterns. Do not use as a substitute for production observability or runtime debugging strategy.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-testing

alti3/litestar-templating

development

VerifiedTrustedCommunity

Configure Litestar templating with `TemplateConfig`, Jinja/Mako/MiniJinja engines, file-or-string `Template` responses, request and CSRF-aware context, template callables, and custom engine integration. Use when implementing or fixing server-rendered HTML in Litestar. Do not use for static asset serving or pure JSON API endpoints.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-templating

alti3/litestar-stores

development

VerifiedTrustedCommunity

Configure Litestar stores and the store registry for caching, server-side sessions, rate limiting, and other key-value state with explicit backend selection, bytes-safe data handling, TTL and renewal policy, namespacing, registry wiring, and lifecycle cleanup. Use when a Litestar app depends on `MemoryStore`, `FileStore`, `RedisStore`, `ValkeyStore`, or `StoreRegistry`. Do not use for relational persistence, domain repositories, or response-caching policy details that belong in database or caching-focused skills.

5SKILL.mdUpdated Apr 3, 2026

alti3/litestar-stores

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/alti3/litestar-skills.git

# Copy into Claude Code skills folder (global)
cp -r litestar-skills/plugins/litestar/skills/litestar-security ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

alti3/litestar-skills

5 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT