‹ 首页

secure-coding

@techygarg · 收录于 1 周前

Apply security-conscious thinking when generating or modifying code. Enforces trust boundary awareness, input validation, injection prevention, secrets management, and defense-in-depth authorization. Use when generating code that handles user input, authentication, authorization, database queries, external APIs, file operations, or when the user mentions 'security review', 'secure this', 'check for vulnerabilities', 'trust boundary', 'input validation', or 'OWASP'. This skill governs the security posture of generated code -- not architecture (see architecture) and not code craft (see clean-code).

适合你,如果你需要在写代码时自动防范常见安全漏洞

/ 下载安装
secure-coding.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add techygarg/lattice/secure-coding
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- techygarg/lattice/secure-coding
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify techygarg/lattice/secure-coding
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
159GitHub stars
待重算上下文体积
镜像托管

怎么用

技能原文 SKILL.md作者撰写 · MIT · e5a5a73

Secure Coding

Config Resolution

Skill support project-custom. Order:

  1. Look .lattice/config.yaml in repo root
  2. If found, check paths.secure_coding for custom doc path
  3. If custom path exist, read doc, check YAML frontmatter for mode:
  4. mode: override (or no mode): Custom doc take full precedence. Use instead embed default. Must be comprehensive -- sole reference.
  5. mode: overlay: Read embed ./references/defaults.md first, then apply custom doc sections on top. Custom sections replace matching sections in default (match by heading). New sections append after default.
  6. If no config, no path, or path not found, read ./references/defaults.md
  7. Language adaptation: If paths.language_idioms exist in config, read "Error Handling" section and adapt §1 (Trust Boundary Identification) error message patterns to language idioms. Language idioms take precedence over pseudocode defaults.
Self-Validation Checklist

STOP after gen each component. Verify ALL before proceed. If check clearly fail, fix code before present. If check judgment call with multiple valid approach (see Ambiguity Signals), flag — present options and reasoning rather than silent choose.

  1. TRUST BOUNDARIES: Where trusted code meet untrusted data? All boundaries explicit identified?
  2. INPUT VALIDATION: Every external input validated at boundary with allowlist before reach business logic?
  3. QUERY SAFETY: All database query parameterized? Any string concat in query build?
  4. COMMAND SAFETY: Any shell/command execution? If so, input strict allowlisted?
  5. SECRETS: Any API key, password, token, connection string in code? If so → move to env var or secret manager.
  6. OUTPUT ENCODING: Output encoded appropriate for render context (HTML, JSON, URL)?
  7. AUTHORIZATION: Authorization verified at service layer, not just controller? Each endpoint enforce least privilege?
  8. ERROR MESSAGES: Error message exposed to user avoid reveal internal detail (stack trace, SQL query, file path)?
  9. DEPENDENCIES: New third-party package necessary? Version pinned or constrained? Any known-vulnerable package added?
Active Anti-Pattern Scan

STOP: After verify checklist above, scan output for specific anti-pattern. If find any, fix before present code.

  • [ ] Trust All Input: No validation on request param; data flow direct to business logic → validate at boundary with allowlist
  • [ ] SQL String Concatenation: User input interpolated into SQL query → use parameterized query or ORM query builder
  • [ ] Hardcoded Secrets: API key, password, token in source code → use env var or secret manager
  • [ ] Missing Authorization: Auth checked at login but not re-verified at service or resource level → check at every layer
  • [ ] Overly Broad Permissions: Admin access granted where read-only suffice → apply least privilege
  • [ ] Unvalidated Redirects: User-controlled URL used in redirect → allowlist permitted destination
  • [ ] Verbose Error Messages: Stack trace or SQL in API response → return generic message, log detail server-side
  • [ ] Logging Sensitive Data: Password, token, PII in log file → log event, not value; mask sensitive field
Ambiguity Signals

Check often have multiple valid outcome. When encounter, present option rather than silent choose.

  • Trust Boundary Scope: Internal API behind trusted gateway may or may not need full boundary validation.
  • Error Message Detail: How much info is "actionable but safe" depend on whether consumer is human user, frontend client, or internal service.
  • Validation Depth: Whether to re-validate at inner layer (defense-in-depth) or trust boundary validation alone.
  • Auth vs Authz Failure Response: Whether to return 401 (not authenticated) or 403 (not authorized) depend on whether identity is known.
Core Principle

Govern security posture of generated code — trust boundaries, input validation, injection prevention, secrets, authorization.

Boundary with clean-code: clean-code governs error message craft; this skill governs what error messages must not reveal (internal detail).

Boundary with architecture: architecture defines where checks live (service layer, not controller); this skill defines what to check (identity confirmed, permission granted, resource owned).

See ./references/defaults.md.

按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。