@eser/security-practices
Updated 1/6/2026

Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.

Installation

$ skills install @eser/security-practices

Details

Repository: eser/stack
Path: .claude/skills/security-practices/SKILL.md
Branch: main
Scoped Name: @eser/security-practices

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions


name: security-practices
description: Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.

security-practices

Quick Start

  1. All secrets in environment variables (never in config files)
  2. Validate inputs at system boundaries
  3. Sanitize error responses (no stack traces in production)
  4. Use HTTPS for all external connections

Key Principles

  • Environment variables for all secrets
  • SSRF prevention (block internal IP ranges)
  • Development vs Production mode separation
  • Rigorous input validation
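
One way to apply the SSRF and HTTPS points above to outbound requests, as an added example (not code from the eser/stack repository or its rules.md). The function names, the list of blocked ranges, and the caller-supplied `resolved` address list are assumptions made for illustration.

```javascript
// Added example: SSRF guard for outbound URLs (all names here are hypothetical).
// Assumed set of internal IPv4 ranges to refuse, as [base address, prefix length].
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Convert a dotted-quad IPv4 string to an unsigned integer, or null if invalid.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

function isInternalV4(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return false;
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(ipv4ToInt(base) / size);
  });
}

// IPv6 in the form URL normalizes to: loopback, unspecified, ULA, link-local, IPv4-mapped.
function isInternalV6(ip) {
  const a = ip.toLowerCase();
  if (a === "::1" || a === "::") return true;
  if (/^f[cd][0-9a-f]{2}:/.test(a) || /^fe[89ab][0-9a-f]:/.test(a)) return true;
  const mapped = a.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (!mapped) return false;
  const n = parseInt(mapped[1], 16) * 65536 + parseInt(mapped[2], 16);
  return isInternalV4([n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join("."));
}

// Decide whether a URL is safe to fetch. `resolved` holds the addresses the caller
// got from its own DNS lookup, so hostnames that point at internal addresses are
// refused as well as IP literals.
function checkOutboundUrl(raw, resolved = []) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: "invalid-url" }; }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  const host = url.hostname.replace(/^\[|\]$/g, "").replace(/\.$/, "");
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "internal-host" };
  for (const ip of [host, ...resolved]) {
    if (isInternalV4(ip) || isInternalV6(ip)) return { ok: false, reason: "internal-address" };
  }
  return { ok: true, reason: "allowed" };
}
```

The request should then connect to one of the addresses that was checked, rather than resolving the hostname a second time, and redirects need the same check before they are followed.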

References

See rules.md for complete conventions.