security-best-practices
Reviews Python, JavaScript/TypeScript, and Go codebases for security vulnerabilities using language- and framework-specific guidance.
What This Skill Does
Reviews Python, JavaScript/TypeScript, and Go codebases for security vulnerabilities using language- and framework-specific guidance. Operates in three modes: writing secure-by-default code, passively flagging critical issues during development, or generating a prioritized vulnerability report on request.
Instead of manually cross-referencing OWASP docs and framework-specific advisories, it loads the right reference material for your exact stack and applies it directly to your code.
When to use it
- Auditing a Flask API for common Python web security issues before a production deploy
- Generating a severity-ranked vulnerability report for a Node.js Express app
- Writing new Go HTTP handlers with secure defaults already applied
- Catching hardcoded secrets or missing input validation while adding features to an existing TypeScript project
- Getting a fix for a specific CVE-class issue with an explanation tied to the relevant security guidance
Similar Skills
best-practices
A checklist of modern web development standards covering HTTPS, CSP headers, input sanitization, deprecated API avoidance, and HTML validity.
auth0-android
Adds authentication to native Android apps using the Auth0 SDK.
auth0-angular
Adds authentication to Angular apps using the @auth0/auth0-angular SDK.
auth0-aspnetcore-api
Adds JWT access token validation to ASP.
