security_skill
- Python
21
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill omer-metin/skills-for-antigravity --skill security- SKILL.md2.1 KB
Overview
This skill is a comprehensive application-security advisor that helps you design, build, and verify secure software from day one. It focuses on threat modeling, OWASP Top 10 risks, secure coding patterns, authentication and authorization, secrets handling, and zero trust principles. Use it to prevent common web vulnerabilities and to bake security into design and code rather than bolting it on later.
How this skill works
I inspect application design, APIs, authentication flows, input handling, session management, and code snippets to identify security weaknesses and recommend concrete fixes. I map findings to common attack patterns and provide prescriptive mitigations, secure-by-default patterns, and verification checks you can run. When reviewing code or architecture, I point out exact places violating least privilege, unsafe input handling, improper error handling, exposed secrets, or missing defenses like rate limiting and security headers.
When to use it
- Designing a new feature or API and wanting threat modeling guidance
- Reviewing code for XSS, SQL injection, CSRF, authentication/authorization flaws
- Preparing a pull request that touches input validation, session logic, or secrets
- Hardening an existing application to meet OWASP Top 10 mitigations
- Building secure default configurations (CSP, CORS, headers, rate limits)
Best practices
- Treat security as a property: design controls into every component from the start
- Never trust user input: validate, sanitize, and escape based on context
- Apply defense in depth: use multiple complementary controls (validation, rate limiting, auth checks)
- Enforce least privilege and fail secure: deny by default and restrict access paths
- Keep secrets out of code: use managed secret storage and short-lived tokens
- Use explicit, testable secure patterns for authentication, authorization, and session management
Example use cases
- Run a threat model for a new API endpoint and get prioritized mitigations
- Scan a code snippet that builds SQL queries and get secure parameterization guidance
- Audit authentication flow for token misuse, session fixation, or privilege escalation
- Recommend concrete headers, CSP, and CORS settings for a web app
- Identify where secrets or API keys are stored insecurely and suggest remediation
FAQ
No. This skill focuses on application security: code, APIs, auth, input handling, and app architecture rather than cloud or network infrastructure.
Can you check code for OWASP Top 10 issues?
Yes. Provide the code or architecture details and I will highlight likely OWASP Top 10 issues and give exact fixes and checks to validate remediation.