Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

secondsky/api-security-hardening

Name: api-security-hardening
Author: secondsky

plugins/api-security-hardening/skills/api-security-hardening/SKILL.md

npx skillsauth add secondsky/claude-skills api-security-hardening

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

API Security Hardening

Protect REST APIs against common vulnerabilities with multiple security layers.

Security Middleware Stack (Express)

const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');

app.use(helmet());
app.use(mongoSanitize());
app.use(xss());

app.use('/api/', rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 100
}));

app.use('/api/auth/', rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5
}));

Input Validation

const { body, validationResult } = require('express-validator');

app.post('/users',
  body('email').isEmail().normalizeEmail(),
  body('password').isLength({ min: 8 }).matches(/[A-Z]/).matches(/[0-9]/),
  body('name').trim().escape().isLength({ max: 100 }),
  (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }
    // Process request
  }
);

Security Headers

app.use((req, res, next) => {
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  next();
});

Security Checklist

[ ] HTTPS everywhere
[ ] Authentication on all protected routes
[ ] Input validation and sanitization
[ ] Rate limiting enabled
[ ] Security headers configured
[ ] CORS restricted to allowed origins
[ ] No stack traces in production errors
[ ] Audit logging enabled
[ ] Dependencies regularly updated

Additional Implementations

See references/python-nginx.md for:

Python FastAPI security middleware
Pydantic input validation with password rules
Nginx SSL/TLS and security headers configuration
HTTP Parameter Pollution prevention

Never Do

Trust user input without validation
Return detailed errors in production
Store secrets in code
Use GET for state-changing operations
Disable security for convenience

secondsky/api-security-hardening

plugins/api-security-hardening/skills/api-security-hardening/SKILL.md

REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.

144 stars

development

Updated May 15, 2026

$ install --global

skillsauth

npx skillsauth add secondsky/claude-skills api-security-hardening

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 15, 2026, 4:26 AM13.1s2 files scanned

SKILL.md

name:: api-security-hardening
description:: REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
license:: MIT

API Security Hardening

Protect REST APIs against common vulnerabilities with multiple security layers.

Security Middleware Stack (Express)

const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');

app.use(helmet());
app.use(mongoSanitize());
app.use(xss());

app.use('/api/', rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 100
}));

app.use('/api/auth/', rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 5
}));

Input Validation

const { body, validationResult } = require('express-validator');

app.post('/users',
  body('email').isEmail().normalizeEmail(),
  body('password').isLength({ min: 8 }).matches(/[A-Z]/).matches(/[0-9]/),
  body('name').trim().escape().isLength({ max: 100 }),
  (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }
    // Process request
  }
);

Security Headers

app.use((req, res, next) => {
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  next();
});

Security Checklist

[ ] HTTPS everywhere
[ ] Authentication on all protected routes
[ ] Input validation and sanitization
[ ] Rate limiting enabled
[ ] Security headers configured
[ ] CORS restricted to allowed origins
[ ] No stack traces in production errors
[ ] Audit logging enabled
[ ] Dependencies regularly updated

Additional Implementations

See references/python-nginx.md for:

Python FastAPI security middleware
Pydantic input validation with password rules
Nginx SSL/TLS and security headers configuration
HTTP Parameter Pollution prevention

Never Do

Trust user input without validation
Return detailed errors in production
Store secrets in code
Use GET for state-changing operations
Disable security for convenience

Related Skills

secondsky/bun-runtime

tools

VerifiedTrustedCommunity

Use for Bun runtime, bunfig.toml, watch/hot modes, env vars, CLI flags, and module resolution.

144SKILL.mdUpdated May 15, 2026

secondsky/bun-runtime

secondsky/bun-redis

data-ai

VerifiedTrustedCommunity

Use when working with Redis in Bun (ioredis, Upstash), caching, pub/sub, session storage, or key-value operations.

144SKILL.mdUpdated May 15, 2026

secondsky/bun-react-ssr

development

VerifiedTrustedCommunity

Use when building server-rendered React with Bun, including streaming SSR, hydration, renderToString, or custom SSR without a framework.

144SKILL.mdUpdated May 15, 2026

secondsky/bun-react-ssr

secondsky/bun-package-manager

databases

VerifiedTrustedCommunity

Bun package manager commands (install, add, remove, update), workspaces, lockfiles, npm/yarn/pnpm migration. Use for dependency management with Bun.

144SKILL.mdUpdated May 15, 2026

secondsky/bun-package-manager

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/secondsky/claude-skills.git

# Copy into Claude Code skills folder (global)
cp -r claude-skills/plugins/api-security-hardening/skills/api-security-hardening ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

secondsky/claude-skills

144 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT