Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Covers HTTPS, CORS, XSS, SQL injection, CSRF, rate limiting, and the OWASP Top 10.
88
Does it follow best practices? 82%
Impact: 100%
Average score across 3 eval scenarios: 1.49x
Passed: No known issues
Eval scenario: Express.js security middleware setup

Check | Score 1 | Score 2
Helmet usage | 100% | 100%
CSP defaultSrc | 100% | 100%
CSP objectSrc none | 100% | 100%
CSP frameSrc none | 0% | 100%
HSTS maxAge | 0% | 100%
HSTS includeSubDomains | 100% | 100%
HSTS preload | 0% | 100%
HTTPS redirect condition | 50% | 100%
HTTPS 301 redirect | 100% | 100%
General rate limiter | 100% | 100%
Rate limiter headers | 100% | 100%
Auth rate limiter | 50% | 100%
skipSuccessfulRequests | 0% | 100%
express-rate-limit package | 100% | 100%
Eval scenario: Input validation and injection prevention

Check | Score 1 | Score 2
Joi validation library | 0% | 100%
Email validation | 0% | 100%
Password min length | 0% | 100%
Password pattern | 0% | 100%
Name length bounds | 0% | 100%
Parameterized queries | 100% | 100%
No string interpolation in SQL | 100% | 100%
DOMPurify usage | 0% | 100%
No eval() usage | 100% | 100%
No direct innerHTML | 100% | 100%
Joi in package.json | 0% | 100%
DOMPurify in package.json | 0% | 100%
Eval scenario: JWT auth with refresh token rotation

Check | Score 1 | Score 2
Access token 15m expiry | 100% | 100%
Refresh token 7d expiry | 100% | 100%
Refresh token stored in DB | 100% | 100%
Separate JWT secrets | 100% | 100%
Secrets from env vars | 100% | 100%
No hardcoded secrets | 100% | 100%
Old token invalidated | 100% | 100%
New tokens issued on refresh | 100% | 100%
New refresh token stored | 100% | 100%
jsonwebtoken package | 100% | 100%
c033769