araujomartin/angular-access-modifiers
skills/angular-access-modifiers/SKILL.md
Recommended usage of access modifiers in Angular components: public readonly for API (inputs/outputs), protected readonly for template state, private readonly for internal logic. Trigger: When defining component properties in Angular.
development
Updated May 12, 2026
$ install --global
skillsauthnpx skillsauth add araujomartin/angular-agent-skills angular-access-modifiersInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 12, 2026, 11:34 PM300.3s2 files scanned
SKILL.md
- name:
- angular-access-modifiers
- description:
- >
- Recommended usage of access modifiers in Angular components:
- public readonly for API (inputs/outputs), protected readonly for template state, private readonly for internal logic. Trigger: When defining component properties in Angular.
- version:
- 1.0.0
- - name:
- Martin Araujo
- url:
- https://github.com/araujomartin
- minVersion:
- 15.0.0
- maxVersion:
- 21.0.0
- supportedVersions:
- ["15", "16", "17", "18", "19", "20", "21"]
Version Support
Minimum Angular Version: 15.0.0
Maximum Angular Version: 21.0.0
Supported Versions: 15, 16, 17, 18, 19, 20, 21
When to Use
Load this skill when:
- Defining the public API of a component
- Exposing inputs/outputs (signals)
- Declaring state for the template
- Hiding internal logic from consumers and the template
Critical Patterns
public readonly for API/Inputs/Outputs
Supported in: v17+
Use public readonly to expose the public API of the component, using the modern input() and output() functions for signal-based inputs and outputs.
import { Component, input, output, ChangeDetectionStrategy } from '@angular/core';
@Component({
selector: 'app-example',
standalone: true,
changeDetection: ChangeDetectionStrategy.OnPush,
template: `<button (click)="save()">Save</button>`
})
export class ExampleComponent {
public readonly name = input.required<string>(); // input signal
public readonly saved = output<void>(); // output signal
save() {
this.saved.emit();
}
}
protected readonly for template state
Supported in: v15+
Use protected readonly for properties accessed only by the class and the template (e.g., internal signals for displaying state).
import { Component, signal, ChangeDetectionStrategy } from '@angular/core';
@Component({
selector: 'app-template-state',
standalone: true,
changeDetection: ChangeDetectionStrategy.OnPush,
template: `<div>{{ count() }}</div>`
})
export class TemplateStateComponent {
protected readonly count = signal(0);
}
private readonly for internal logic
Supported in: v15+
Use private readonly for properties only used inside the class (not accessible from the template or outside the component).
import { Component, signal, ChangeDetectionStrategy } from '@angular/core';
@Component({
selector: 'app-secret',
standalone: true,
changeDetection: ChangeDetectionStrategy.OnPush,
template: `<span>Secret logic</span>`
})
export class SecretComponent {
private readonly secretValue = signal('hidden');
}
Extended examples and advanced patterns
For complete examples, common mistakes, and advanced patterns, see references/patterns.md.
Common Mistakes
❌ Don't use public for everything
Why this is problematic: Exposes internal state/logic unnecessarily.
export class BadComponent {
public count = 0; // ❌ Should be protected or private
}
✅ Instead:
export class GoodComponent {
protected readonly count = 0;
}
❌ Don't use private for template state
Why this is problematic: The template cannot access private members.
export class BadComponent {
private readonly count = 0; // ❌ Not accessible in the template
}
✅ Instead:
export class GoodComponent {
protected readonly count = 0; // ✅ Accessible in the template
}
Quick Reference
| Task | Pattern | Version |
|------|---------|---------|
| Input signal | public readonly input() | v17+ |
| Output signal | public readonly output() | v17+ |
| Template state | protected readonly signal() | v15+ |
| Internal logic | private readonly signal() | v15+ |
Resources
- Angular.dev
- Angular Style Guide
- TypeScript Handbook: Classes
Related Skills
araujomartin/skill-creator
documentation
VerifiedTrustedCommunity
Creates new AI agent skills for Angular following the Angular Agent Skills spec. Trigger: When user asks to create a new skill, add agent instructions, document Angular patterns for AI, or create skill documentation.
SKILL.mdUpdated May 12, 2026
araujomartin/angular-component-inputs
development
VerifiedTrustedCommunity
Modern function-based component inputs and models using Angular Signals API. Trigger: When defining component inputs, when migrating from decorators, when working with reactive component APIs, when implementing two-way binding.
SKILL.mdUpdated May 12, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026