harperaa

harperaa/secure-claude-skills

12 resources in this repository

GitHub
🎯12

🎯Skills12

🎯dependency-supply-chain-security🎯Skill

Secure Claude Skills skill teaching **dependency and supply chain security** β€” protecting against malicious packages, lockfile manipulation, and compromised transitive dependencies in Next.js projects, as part of an OWASP-aligned defense-in-depth security suite with Clerk auth and Convex database.

dependency-supply-chain-security
🎯rate-limiting🎯Skill

Secure Claude Skills skill implementing **rate limiting** for brute force and abuse prevention β€” covers token bucket and sliding window algorithms, per-user and per-IP throttling, and progressive penalties for Next.js API routes, as part of an OWASP-aligned defense-in-depth security suite.

rate-limiting
🎯security-architecture-overview🎯Skill

Secure Claude Skills skill providing a **security architecture overview** β€” maps the defense-in-depth security model across CSRF protection, rate limiting, input validation, security headers, error handling, authentication, payment security, dependency auditing, and security testing for Next.js apps with Clerk and Convex.

security-architecture-overview
🎯security-testing-verification🎯Skill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, Clerk authentication, and automated security testing following OWASP best practices.

security-testing-verification
🎯csrf-protection🎯Skill

Secure Claude Skills skill implementing **CSRF protection** with HMAC-SHA256 cryptographic token signing β€” covers attack mechanics (router DNS hijacking, YouTube 2012 vulnerability), origin/referer header validation, SameSite cookies, and a complete `withCsrf` middleware for protecting POST/PUT/DELETE endpoints in Next.js apps.

csrf-protection
🎯secure-error-handling🎯Skill

Secure Claude Skills skill teaching **secure error handling** β€” preventing information leakage through error responses by sanitizing stack traces, internal paths, and database details in production while maintaining useful debug output in development, as part of an OWASP-aligned security suite for Next.js apps.

secure-error-handling
🎯security-headers🎯Skill

Security skill for configuring browser security headers including Content-Security-Policy, X-Frame-Options, HSTS, and MIME type protection. Covers middleware-based header application to defend against clickjacking, XSS, and SSL stripping attacks.

security-headers
🎯input-validation-xss-prevention🎯Skill

Secure Claude Skills skill teaching **input validation and XSS prevention** for Next.js apps β€” implements sanitization, Content Security Policy, and injection attack defenses following OWASP best practices, as part of a defense-in-depth security suite with Clerk auth and Convex database integration.

input-validation-xss-prevention
🎯authentication-authorization-clerk🎯Skill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, authentication with Clerk, and security awareness training following OWASP best practices.

authentication-authorization-clerk
🎯payment-security-clerk-billing-stripe🎯Skill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, and Clerk Billing/Stripe payment security following OWASP best practices.

payment-security-clerk-billing-stripe
🎯security-prompts🎯Skill

Library of battle-tested security prompt templates for secure feature implementation, covering forms, endpoints, authentication, authorization, file uploads, RBAC, threat modeling, and OWASP security testing.

security-prompts
🎯security-operations-deployment🎯Skill

Implements defense-in-depth security controls for deployment operations in Next.js applications using Clerk authentication and Convex database, following OWASP best practices for enterprise-grade security.

security-operations-deployment