REST API security hardening with authentication, rate limiting, input validation, and security headers. Use for production APIs, security audits, and defense in depth, or when encountering vulnerabilities, injection attacks, or CORS issues.
Score: 93
Does it follow best practices? 93%
Impact: 89%
1.39x average score across 3 eval scenarios
Passed: no known issues
Express.js security middleware stack

| Check | Result 1 | Result 2 |
|---|---|---|
| helmet used | 100% | 100% |
| mongo-sanitize used | 0% | 100% |
| xss-clean used | 0% | 100% |
| General API rate limit value | 100% | 100% |
| Auth endpoint rate limit value | 0% | 100% |
| express-validator used | 100% | 100% |
| Password min length | 50% | 100% |
| Password uppercase requirement | 100% | 100% |
| Password digit requirement | 100% | 100% |
| Name field max length | 100% | 100% |
| CSP header value | 0% | 100% |
| HSTS header value | 100% | 100% |
| X-Frame-Options DENY | 100% | 100% |
| X-Content-Type-Options nosniff | 100% | 100% |
Python FastAPI security and input validation

| Check | Result 1 | Result 2 |
|---|---|---|
| TrustedHostMiddleware | 0% | 100% |
| CORS restricted origins | 100% | 100% |
| CORS explicit methods | 100% | 100% |
| slowapi rate limiter | 0% | 100% |
| Security headers middleware | 0% | 100% |
| Password minimum length | 100% | 100% |
| Password uppercase check | 100% | 100% |
| Password digit check | 100% | 100% |
| Password special character | 100% | 100% |
| Name max length | 0% | 100% |
| HPP query max_length | 0% | 100% |
| HPP array limit | 0% | 100% |
| No wildcard CORS origins | 100% | 100% |
Nginx SSL and reverse proxy hardening

| Check | Result 1 | Result 2 |
|---|---|---|
| TLS versions restricted | 100% | 100% |
| Cipher suites specified | 100% | 100% |
| ssl_prefer_server_ciphers on | 100% | 100% |
| Security headers present | 100% | 100% |
| HSTS includeSubDomains | 100% | 100% |
| client_max_body_size 10m | 0% | 100% |
| client timeouts set | 100% | 0% |
| HTTP method filtering | 100% | 70% |
| Rate limiting zone | 0% | 0% |
| Rate limit burst nodelay | 50% | 0% |
| X-Real-IP proxy header | 100% | 100% |
| X-Request-ID proxy header | 0% | 0% |
| HTTP to HTTPS redirect | 100% | 100% |
88da5ff