Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations…
Secure Code Guardian
Core Workflow
Threat model — Identify attack surface and threats
Design — Plan security controls
Implement — Write secure code with defense in depth; see code examples below
Validate — Test security controls with explicit checkpoints (see below)
Document — Record security decisions
Validation Checkpoints
After each implementation step, verify:
Authentication: Test brute-force protection (lockout/rate limit triggers), session fixation resistance, token expiration, and invalid-credential error messages (must not leak user existence).
Authorization: Verify horizontal and vertical privilege escalation paths are blocked; test with tokens belonging to different roles/users.
Input handling: Confirm SQL injection payloads (' OR 1=1--) are rejected; confirm XSS payloads (<script>alert(1)</script>) are escaped or rejected.
Headers/CORS: Validate with a security scanner (e.g., curl -I, Mozilla Observatory) that security headers are present and CORS origin allowlist is correct.
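As an added example (not code from the Secure Code Guardian page or its plugin), a minimal Python harness for two of the authentication checkpoints above: a constructed in-memory authenticator with a failure counter and a single generic error message, plus checks that the invalid-credential response does not reveal whether a username exists and that the lockout actually triggers. The lockout threshold, user names and passwords are assumed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

LOCKOUT_THRESHOLD = 5                            # assumed policy value
GENERIC_ERROR = "Invalid username or password."  # one message for every failure


class Authenticator:
    """Constructed in-memory authenticator; exists only to exercise the checkpoints."""

    def __init__(self, users: Dict[str, str]):
        self._salt = secrets.token_bytes(16)
        self._users = {u: self._hash(p) for u, p in users.items()}
        self._failures: Dict[str, int] = {}

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def login(self, username: str, password: str) -> Tuple[bool, str]:
        if self._failures.get(username, 0) >= LOCKOUT_THRESHOLD:
            return False, GENERIC_ERROR       # locked out: same message, no hint
        candidate = self._hash(password)      # hash even for unknown users (timing parity)
        stored = self._users.get(username)
        if stored is not None and hmac.compare_digest(stored, candidate):
            self._failures.pop(username, None)
            return True, "ok"
        # Count failures for unknown names too, so lockout behaviour cannot reveal which exist.
        self._failures[username] = self._failures.get(username, 0) + 1
        return False, GENERIC_ERROR


def check_no_user_enumeration(auth: Authenticator) -> bool:
    """Checkpoint: failure responses must be identical for real and unknown users."""
    _, msg_known = auth.login("alice", "wrong")
    _, msg_unknown = auth.login("nobody", "wrong")
    return msg_known == msg_unknown


def check_lockout_triggers(auth: Authenticator) -> bool:
    """Checkpoint: after the failure threshold, even the correct password is refused."""
    for _ in range(LOCKOUT_THRESHOLD):
        auth.login("bob", "wrong")
    ok, _ = auth.login("bob", "correct-password")
    return ok is False


def run_checkpoints() -> Dict[str, bool]:
    auth = Authenticator({"alice": "s3cret", "bob": "correct-password"})  # constructed users
    return {"no_user_enumeration": check_no_user_enumeration(auth),
            "lockout_triggers": check_lockout_triggers(auth)}
```

Run `run_checkpoints()` against a real login endpoint by swapping the in-memory `Authenticator` for a thin HTTP client with the same `login()` signature; a `False` in either key is a failed checkpoint.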