🎯

csrf-protection

🎯Skill

from harperaa/secure-claude-skills

VibeIndex|
What it does
|

Secure Claude Skills skill implementing **CSRF protection** with HMAC-SHA256 cryptographic token signing — covers attack mechanics (router DNS hijacking, YouTube 2012 vulnerability), origin/referer header validation, SameSite cookies, and a complete `withCsrf` middleware for protecting POST/PUT/DELETE endpoints in Next.js apps.

📦

Same repository

harperaa/secure-claude-skills(12 items)

csrf-protection

Installation

Vibe Index InstallInstalls to .claude/skills/
npx vibeindex add harperaa/secure-claude-skills --skill csrf-protection
skills.sh Install⚠ Installs to .agents/skills/
npx skills add harperaa/secure-claude-skills --skill csrf-protection
Manual InstallCopy SKILL.md content and save to the path below
~/.claude/skills/csrf-protection/SKILL.md

SKILL.md

178Installs
-
AddedFeb 4, 2026

More from this repository10

🎯
dependency-supply-chain-security🎯Skill

Secure Claude Skills skill teaching **dependency and supply chain security** — protecting against malicious packages, lockfile manipulation, and compromised transitive dependencies in Next.js projects, as part of an OWASP-aligned defense-in-depth security suite with Clerk auth and Convex database.

🎯
rate-limiting🎯Skill

Secure Claude Skills skill implementing **rate limiting** for brute force and abuse prevention — covers token bucket and sliding window algorithms, per-user and per-IP throttling, and progressive penalties for Next.js API routes, as part of an OWASP-aligned defense-in-depth security suite.

🎯
security-architecture-overview🎯Skill

Secure Claude Skills skill providing a **security architecture overview** — maps the defense-in-depth security model across CSRF protection, rate limiting, input validation, security headers, error handling, authentication, payment security, dependency auditing, and security testing for Next.js apps with Clerk and Convex.

🎯
security-testing-verification🎯Skill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, Clerk authentication, and automated security testing following OWASP best practices.

🎯
secure-error-handling🎯Skill

Secure Claude Skills skill teaching **secure error handling** — preventing information leakage through error responses by sanitizing stack traces, internal paths, and database details in production while maintaining useful debug output in development, as part of an OWASP-aligned security suite for Next.js apps.

🎯
security-headers🎯Skill

Security skill for configuring browser security headers including Content-Security-Policy, X-Frame-Options, HSTS, and MIME type protection. Covers middleware-based header application to defend against clickjacking, XSS, and SSL stripping attacks.

🎯
input-validation-xss-prevention🎯Skill

Secure Claude Skills skill teaching **input validation and XSS prevention** for Next.js apps — implements sanitization, Content Security Policy, and injection attack defenses following OWASP best practices, as part of a defense-in-depth security suite with Clerk auth and Convex database integration.

🎯
authentication-authorization-clerk🎯Skill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, authentication with Clerk, and security awareness training following OWASP best practices.

🎯
payment-security-clerk-billing-stripe🎯Skill

Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, and Clerk Billing/Stripe payment security following OWASP best practices.

🎯
security-prompts🎯Skill

Library of battle-tested security prompt templates for secure feature implementation, covering forms, endpoints, authentication, authorization, file uploads, RBAC, threat modeling, and OWASP security testing.