input-validation-xss-prevention
๐ฏSkillfrom harperaa/secure-claude-skills
Secure Claude Skills skill teaching **input validation and XSS prevention** for Next.js apps โ implements sanitization, Content Security Policy, and injection attack defenses following OWASP best practices, as part of a defense-in-depth security suite with Clerk auth and Convex database integration.
Same repository
harperaa/secure-claude-skills(12 items)
Installation
npx vibeindex add harperaa/secure-claude-skills --skill input-validation-xss-preventionnpx skills add harperaa/secure-claude-skills --skill input-validation-xss-prevention~/.claude/skills/input-validation-xss-prevention/SKILL.mdSKILL.md
More from this repository10
Secure Claude Skills skill teaching **dependency and supply chain security** โ protecting against malicious packages, lockfile manipulation, and compromised transitive dependencies in Next.js projects, as part of an OWASP-aligned defense-in-depth security suite with Clerk auth and Convex database.
Secure Claude Skills skill implementing **rate limiting** for brute force and abuse prevention โ covers token bucket and sliding window algorithms, per-user and per-IP throttling, and progressive penalties for Next.js API routes, as part of an OWASP-aligned defense-in-depth security suite.
Secure Claude Skills skill providing a **security architecture overview** โ maps the defense-in-depth security model across CSRF protection, rate limiting, input validation, security headers, error handling, authentication, payment security, dependency auditing, and security testing for Next.js apps with Clerk and Convex.
Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, Clerk authentication, and automated security testing following OWASP best practices.
Secure Claude Skills skill implementing **CSRF protection** with HMAC-SHA256 cryptographic token signing โ covers attack mechanics (router DNS hijacking, YouTube 2012 vulnerability), origin/referer header validation, SameSite cookies, and a complete `withCsrf` middleware for protecting POST/PUT/DELETE endpoints in Next.js apps.
Secure Claude Skills skill teaching **secure error handling** โ preventing information leakage through error responses by sanitizing stack traces, internal paths, and database details in production while maintaining useful debug output in development, as part of an OWASP-aligned security suite for Next.js apps.
Security skill for configuring browser security headers including Content-Security-Policy, X-Frame-Options, HSTS, and MIME type protection. Covers middleware-based header application to defend against clickjacking, XSS, and SSL stripping attacks.
Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, authentication with Clerk, and security awareness training following OWASP best practices.
Defense-in-depth security skills for Claude Code implementing enterprise-grade controls for Next.js apps, including CSRF protection, rate limiting, input validation, security headers, and Clerk Billing/Stripe payment security following OWASP best practices.
Library of battle-tested security prompt templates for secure feature implementation, covering forms, endpoints, authentication, authorization, file uploads, RBAC, threat modeling, and OWASP security testing.