Generate secure Cloudflare Worker code in TypeScript that avoids all weaknesses covered by OWASP Top 10 (2025) and CWE Top 25 (2025). Use this skill whenever the user asks to create, write, scaffold, or generate a Cloudflare Worker, CF Worker, edge function, or serverless function on Cloudflare. Also trigger when the user asks to build a secure API, secure endpoint, secure webhook handler, or any TypeScript code targeting the Workers runtime. Always use this skill over generic code generation when the target is Cloudflare Workers.
92
88%
Does it follow best practices?
Impact
100%
1.33x
Average score across 3 eval scenarios
Passed
No known issues
Input validation, SQL injection prevention, output file structure
Parameterised D1 queries: 100% / 100%
Input validation library: 70% / 100%
Resource-level authorisation: 100% / 100%
Security response headers: 0% / 100%
No global mutable state: 100% / 100%
Safe error responses: 100% / 100%
Output file structure: 100% / 100%
wrangler.jsonc compatibility_date: 50% / 100%
Observability enabled: 0% / 100%
No hardcoded secrets: 100% / 100%
.dev.vars.example uses placeholders: 100% / 100%
Fetch handler wrapped in try/catch: 100% / 100%
Webhook signature verification, secure logging, wrangler configuration
HMAC-SHA256 webhook verification: 100% / 100%
Timing-safe signature comparison: 100% / 100%
Reject before processing: 100% / 100%
Request body size limit: 0% / 100%
Structured JSON logging: 100% / 100%
Log sanitisation: 100% / 100%
No secrets in logs: 100% / 100%
SSRF prevention for Slack: 100% / 100%
wrangler.jsonc compatibility_date: 50% / 100%
Observability enabled: 0% / 100%
Pinned dependency versions: 0% / 100%
No hardcoded secrets: 100% / 100%
Cryptographic correctness, JWT auth, SSRF prevention, rate limiting
PBKDF2 iteration count: 0% / 100%
Cryptographic JWT verification: 100% / 100%
crypto.randomUUID() for IDs: 37% / 100%
No Math.random() for security: 100% / 100%
Timing-safe token comparison: 50% / 100%
Rate limiting on login endpoint: 30% / 100%
No global mutable state: 100% / 100%
SSRF prevention for email service: 100% / 100%
Fail-closed auth error handling: 100% / 100%
Token expiry enforced: 100% / 100%
No tokens in URLs: 100% / 100%
99b52ce