organvm-iv-taxis/security-implementation-guide
distributions/claude/skills/security-implementation-guide/SKILL.md
Comprehensive security patterns for authentication, authorization, input validation, and common vulnerability prevention
$ install --global
skillsauthnpx skillsauth add organvm-iv-taxis/a-i--skills security-implementation-guideInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 1, 2026, 8:33 AM291.8s1 file scanned
SKILL.md
- name:
- security-implementation-guide
- description:
- Comprehensive security patterns for authentication, authorization, input validation, and common vulnerability prevention
- license:
- MIT
- adapted-by:
- ai-skills
- category:
- security
- governance_phases:
- [build]
- governance_norm_group:
- security-baseline
- organ_affinity:
- [all]
- triggers:
- [user-asks-about-security-patterns, user-asks-about-auth, context:authentication]
- complements:
- [security-threat-modeler, gdpr-compliance-check, incident-response-commander]
Security Implementation Guide
Production-ready security patterns for web applications.
Input Validation
Sanitization
import DOMPurify from 'isomorphic-dompurify';
function sanitizeHTML(dirty: string): string {
return DOMPurify.sanitize(dirty, {
ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'p'],
ALLOWED_ATTR: []
});
}
// SQL injection prevention - use parameterized queries
const result = await db.query(
'SELECT * FROM users WHERE email = $1',
[email] // Never interpolate directly!
);
XSS Prevention
// React automatically escapes
<div>{userInput}</div> // Safe
// Dangerous - avoid dangerouslySetInnerHTML
<div dangerouslySetInnerHTML={{ __html: sanitizeHTML(userInput) }} />
// Set security headers
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
styleSrc: ["'self'", "'unsafe-inline'"],
}
}
}));
Authentication
Password Hashing
import bcrypt from 'bcrypt'; // allow-secret
async function hashPassword(password: string): Promise<string> { // allow-secret
const saltRounds = 12;
return bcrypt.hash(password, saltRounds); // allow-secret
}
async function verifyPassword(password: string, hash: string): Promise<boolean> { // allow-secret
return bcrypt.compare(password, hash); // allow-secret
}
Rate Limiting
import rateLimit from 'express-rate-limit';
const loginLimiter = rateLimit({
windowMs: 15 * 60 * 1000,
max: 5, // 5 attempts
message: 'Too many login attempts',
standardHeaders: true,
legacyHeaders: false,
});
app.post('/api/login', loginLimiter, loginHandler);
CSRF Protection
import csrf from 'csurf';
const csrfProtection = csrf({ cookie: true });
app.get('/form', csrfProtection, (req, res) => {
res.render('form', { csrfToken: req.csrfToken() });
});
app.post('/process', csrfProtection, (req, res) => {
// Protected endpoint
});
Integration Points
Complements:
- security-threat-modeler: For threat analysis
- backend-implementation-patterns: For secure APIs
- verification-loop: For security checks
Related Skills
organvm-iv-taxis/cv-resume-builder
development
VerifiedTrustedCommunity
Optimize resumes and CVs for impact, ATS compatibility, and audience targeting. Supports multiple formats (chronological, functional, hybrid), accomplishment framing (STAR/XYZ), and tailoring for specific roles. Triggers on resume review, CV update, job application prep, or career document requests.
7SKILL.mdUpdated May 31, 2026
organvm-iv-taxis/cross-agent-handoff
testing
VerifiedTrustedCommunity
Transfer context between AI agent sessions with structured handoff protocols, state serialization, and decision log preservation. Covers multi-agent coordination, context compression, and continuity patterns. Triggers on agent handoff, session transfer, or multi-agent continuity requests.
7SKILL.mdUpdated May 31, 2026
organvm-iv-taxis/creative-writing-craft
tools
VerifiedTrustedCommunity
Craft compelling fiction and creative nonfiction with attention to structure, voice, prose style, and revision. Supports short stories, novel chapters, essays, and hybrid forms. Triggers on creative writing, fiction writing, story craft, prose style, or literary technique requests.
7SKILL.mdUpdated May 31, 2026
organvm-iv-taxis/conversation-content-pipeline
devops
VerifiedTrustedCommunity
Transform AI conversations and chat transcripts into publishable content including blog posts, documentation, tutorials, and knowledge base entries. Covers extraction, restructuring, and editorial refinement. Triggers on conversation-to-content, transcript processing, or chat-to-doc requests.
7SKILL.mdUpdated May 31, 2026