Addy security-and-hardening

A practical security hardening skill for web applications and public write surfaces.

Repository: addyosmani/agent-skills
Skill path: skills/security-and-hardening/SKILL.md
Systems: Claude Code, Codex, Cursor, Windsurf / Devin, OpenCode, Zed
Install: npx add-skill addyosmani/agent-skills
GitHub stars: 48,672
Updated: 2026-06-06
Source: README · SKILL.md

What it is

security-and-hardening is a security-first development skill. Its source file tells the agent to treat external input as hostile, secrets as sacred, and authorization as mandatory.

Why it is useful

Security review is one of the areas where generic coding agents most need explicit constraints. This skill is useful any time code touches user input, sessions, storage, APIs, uploads, payments, or personal data.

Best uses

  • Authentication and authorization changes.
  • Public endpoints, webhooks, callbacks, and file uploads.
  • Code that handles secrets, payments, or PII.

Notes

Use this as a gate, not as a guarantee. High-risk changes still need tests, manual review, and sometimes specialist security review.