- Home
- Skills
- Harperaa
- Secure Claude Skills
- Built In Controls
built-in-controls_skill
- JavaScript
4
GitHub Stars
4
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill harperaa/secure-claude-skills --skill built-in-controls- 01_contact_form.md3.2 KB
- 02_authenticated_update.md3.0 KB
- 03_public_api.md2.7 KB
- SKILL.md12.3 KB
Overview
This skill provides simple, ready-to-use security prompt templates for common web features. It speeds up implementations by composing existing Secure Vibe Coding OS utilities into standard patterns. Use it for quick, secure endpoints that need minimal customization and reliable defaults.
How this skill works
Each template wires together middleware, validation, and error handling so you can implement a secure endpoint quickly. Templates include CSRF protection, rate limiting, input schemas, XSS sanitization, authentication hooks, pagination, and secure error responses as appropriate. Choose a template that matches your feature and apply the provided utilities and testing checklist.
When to use it
- Building a standard contact or feedback form quickly
- Implementing a user update endpoint where users edit their own profile
- Creating a public read-only GET endpoint with pagination
- When you need a 15–30 minute secure implementation with minimal customization
- When you want consistent, reusable security defaults across simple features
Best practices
- Start with the simplest matching template and upgrade if requirements grow
- Always run the template testing checklist and verify negative cases (invalid input, unauthorized access)
- Document any deviations from the template (rate limits, schema changes) in code comments
- Apply ownership checks for any resource that should be user-specific; upgrade to authorization templates for team or admin resources
- Treat templates as starting points—not substitutes for threat modeling when features become complex
Example use cases
- Public contact or feedback form with CSRF, rate limiting, and XSS sanitization
- Authenticated profile update endpoint that enforces user ownership and input validation
- Public blog listing or product catalog GET endpoint with query validation and pagination
- Quick newsletter signup form that validates email and protects against spam with rate limits
- Rapid prototype of a read-only public API for documentation or listings
FAQ
Upgrade when you need complex authorization, file uploads, multi-layer middleware composition, or custom security patterns not covered by the templates.
Do templates include tests?
Templates include testing checklists you should run manually or turn into automated tests; they cover positive and negative cases like CSRF, rate limits, and validation.