application-security

Name: application-security
Rating: 55
Author: dralgorhythm

by dralgorhythm

A More Effective Agent Harness for Claude

⭐ 4🍴 0📅 Jan 22, 2026

agentic agents ai claude developer-tools development flow

View on GitHub Run in Manus

SKILL.md

name: application-security description: Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10. allowed-tools: Read, Glob, Grep

Application Security

OWASP Top 10 (2021)

1. Broken Access Control

Risk: Users accessing unauthorized resources.

Prevention:

Deny by default
Implement RBAC/ABAC
Validate permissions server-side
Log access failures

2. Cryptographic Failures

Risk: Sensitive data exposure.

Prevention:

Encrypt data at rest and in transit
Use strong algorithms (AES-256, RSA-2048+)
Never store passwords in plaintext
Use secure key management

3. Injection

Risk: Malicious input executed as code.

Prevention:

// BAD - SQL injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// GOOD - Parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
db.query(query, [userId]);

4. Insecure Design

Risk: Missing security controls by design.

Prevention:

Threat modeling
Security requirements
Defense in depth

5. Security Misconfiguration

Risk: Default or weak configuration.

Prevention:

Disable unnecessary features
Remove default credentials
Keep software updated
Harden server configuration

6. Vulnerable Components

Risk: Using libraries with known vulnerabilities.

Prevention:

Regular dependency audits
Keep dependencies updated
Monitor CVE databases

7. Authentication Failures

Risk: Weak or broken authentication.

Prevention:

Multi-factor authentication
Strong password policies
Secure session management
Rate limiting on login

8. Software & Data Integrity

Risk: Untrusted sources for updates.

Prevention:

Verify code signatures
Use SRI for CDN resources
Secure CI/CD pipeline

9. Logging & Monitoring Failures

Risk: Attacks go undetected.

Prevention:

Log security events
Monitor for anomalies
Alert on suspicious activity

10. Server-Side Request Forgery

Risk: Server makes requests to unintended destinations.

Prevention:

Validate URLs
Use allowlists
Block internal IPs

Score

Total Score

55/100

Based on repository quality metrics

✓SKILL.md

SKILL.mdファイルが含まれている

+20

○LICENSE

ライセンスが設定されている

0/10

○説明文

100文字以上の説明がある

0/10

○人気

GitHub Stars 100以上

0/15

✓最近の活動

1ヶ月以内に更新

+10

○フォーク

10回以上フォークされている

0/5

✓Issue管理

オープンIssueが50未満

✓言語

プログラミング言語が設定されている

✓タグ

1つ以上のタグが設定されている

Reviews

💬

Reviews coming soon

application-security

SKILL.md

name: application-security description: Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10. allowed-tools: Read, Glob, Grep

Application Security

OWASP Top 10 (2021)

1. Broken Access Control

2. Cryptographic Failures

3. Injection

4. Insecure Design

5. Security Misconfiguration

6. Vulnerable Components

7. Authentication Failures

8. Software & Data Integrity

9. Logging & Monitoring Failures

10. Server-Side Request Forgery

Score

Reviews

git-workflow

code-review

system-info

create-pr

prompt-lookup

skill-lookup

application-security

SKILL.md

name: application-security description: Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10. allowed-tools: Read, Glob, Grep

Application Security

OWASP Top 10 (2021)

1. Broken Access Control

2. Cryptographic Failures

3. Injection

4. Insecure Design

5. Security Misconfiguration

6. Vulnerable Components

7. Authentication Failures

8. Software & Data Integrity

9. Logging & Monitoring Failures

10. Server-Side Request Forgery

Score

Reviews

Related

Related Skills

git-workflow

code-review

system-info

create-pr

prompt-lookup

skill-lookup