- Home
- Skills
- Ashishop
- Arc Protocol
- Security Guardian
security-guardian_skill
- Python
65
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill ashishop/arc-protocol --skill security-guardian- SKILL.md641 B
Overview
This skill enforces secure coding standards and hunts for vulnerabilities across code and configuration. It focuses on secret management, input sanitization, and dependency auditing to reduce risk in development workflows. It integrates into agentic ARC workflows to analyze changes, run checks, and confirm fixes.
How this skill works
Security Guardian inspects code diffs, configuration files, and dependency manifests to detect risky patterns like hardcoded secrets, unsanitized inputs, and high-risk libraries. It flags findings with actionable remediation steps, recommends immediate fixes (for example moving secrets into .env.local and updating .gitignore), and can re-run checks after fixes are applied. It also rates dependencies for known vulnerabilities and unnecessary complexity.
When to use it
- During code reviews for any pull request that touches config, auth, or input handling.
- When introducing new third-party libraries or upgrading dependency versions.
- Before merging changes that affect deployment, CI, or secret management.
- When integrating new user input flows or using client-side HTML injection paths.
- As a periodic audit for long-lived branches or maintenance sprints.
Best practices
- Never commit keys, tokens, or passwords to source; use environment files and ensure they are gitignored.
- Sanitize and validate all user input before rendering or database queries; avoid using dangerouslySetInnerHTML without strict sanitization.
- Run automated dependency vulnerability scans on each change and avoid unnecessary heavy packages.
- Provide clear remediation steps with code examples and tests to confirm fixes.
- Treat security warnings as blocking for high-severity issues and assign owners for remediation.
Example use cases
- Detecting and removing a hardcoded API key accidentally added to source control and moving it to .env.local.
- Identifying an endpoint that inserts unsanitized user input into HTML and recommending a safe rendering approach.
- Flagging a newly added dependency with known CVEs and suggesting safer alternatives or specific patch updates.
- Running a pre-merge audit that enforces dependency vetting and input sanitization standards.
- Re-running checks after patch commits to confirm vulnerabilities have been resolved.
FAQ
No. It identifies secrets and recommends removal steps. Use secure tools like git-filter-repo or BFG to purge secrets safely and rotate exposed credentials.
How does it score dependency risk?
It combines known CVE data, package popularity, release cadence, and size/complexity indicators to prioritize risky dependencies and suggest mitigations or alternatives.