security-checklist_skill

This skill helps you implement and audit security controls using OWASP top 10 mitigations, authentication patterns, input validation, and compliance guidelines.
  • TypeScript

8

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill ariegoldkin/ai-agent-hub --skill security-checklist

  • SKILL.md24.9 KB

Overview

This skill delivers a practical security checklist for building and auditing web applications. It focuses on OWASP Top 10 mitigations, authentication patterns, input validation, secure configuration, and compliance guidance. Use it to harden apps, prepare for assessments, and reduce common vulnerability risks.

How this skill works

The skill inspects application controls, configuration, and development patterns against proven mitigations: access control, cryptography, injection prevention, secure design, and logging. It recommends concrete changes (parameterized queries, strong hashing, secure headers, allowlists) and suggests tools to scan dependencies and code. It adapts guidance to the project stack (Node/Python) and highlights operational checks like secrets scanning and CI/CD integrity verification.

When to use it

  • During security audits, code reviews, or pre-release checks
  • When implementing authentication, authorization, or session management
  • While validating and sanitizing user input or upload handling
  • When storing or handling sensitive data (PII, credentials, payments)
  • Before or during compliance work (GDPR, HIPAA, SOC2)
  • Preparing for penetration tests or third-party dependency reviews

Best practices

  • Apply defense-in-depth: multiple, independent controls across layers
  • Enforce least privilege for users and service accounts
  • Validate and sanitize all external input with allowlists where possible
  • Use strong, modern cryptography (TLS, Argon2/Bcrypt/Scrypt, key rotation)
  • Scan and pin dependencies; integrate audits into CI/CD
  • Log security events centrally and alert on suspicious patterns without logging secrets

Example use cases

  • Add RBAC and ownership checks to APIs to prevent IDOR and broken access control
  • Replace string-built SQL with parameterized queries or ORM queries to eliminate SQL injection
  • Hardening production config: disable debug mode, set security headers and secure cookies
  • Implement MFA, rate limiting, and account lockout for authentication endpoints
  • Run npm audit / pip-audit, Semgrep, and TruffleHog in CI to catch vulnerable packages and leaked secrets

FAQ

Start with npm audit to find dependency issues, then add static analysis (Semgrep) and secrets scanning (TruffleHog) in CI.

How do I prevent sensitive data exposure in logs?

Log only security-relevant metadata, redact or omit tokens and passwords, and centralize logs with role-based access and retention policies.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
security-checklist skill by ariegoldkin/ai-agent-hub | VeilStrat