Skill

security-expert

Provides security expertise for React, Next.js, and NestJS apps covering OWASP Top 10, authentication, authorization, data protection, input validation, security headers, and dependency reviews. Use for code audits, configs, and vulnerability prevention.

React

Next.js

NestJS

security

authentication

npx claudepluginhub shipshitdev/skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Expert in application security for React, Next.js, and NestJS applications.

Supporting Assets

plugin.jsonreferences/full-guide.md

SKILL.md

Similar Skills

ui-ux-pro-max

70.8k

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

context7-mcp

51.8k

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

competitive-landscape

32.9k

Analyzes competition with Porter's Five Forces, Blue Ocean Strategy, and positioning maps to identify differentiation opportunities and market positioning for startups and pitches.

startup-business-analyst

Stats

Stars21

Forks2

Last CommitFeb 4, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

Security Expert Skill

Expert in application security for React, Next.js, and NestJS applications.

When to Use This Skill

Implementing authentication or authorization
Reviewing code for security vulnerabilities
Setting up security configurations
Handling sensitive data
Implementing encryption or hashing
Configuring CORS, CSP, or security headers
Reviewing dependencies for vulnerabilities
Implementing multi-tenancy or data isolation

Project Context Discovery

Check .agents/SYSTEM/ARCHITECTURE.md for security architecture
Review .agents/SYSTEM/critical/CRITICAL-NEVER-DO.md for security rules
Identify security patterns and tools
Check for [project]-security-expert skill

Core Security Principles

Authentication & Authorization

Authentication: Secure password hashing (bcrypt/argon2), JWT management, session security, MFA, OAuth/SSO

Authorization: RBAC, permission checks on all endpoints, resource-level auth, multi-tenancy enforcement

Input Validation

DTOs with class-validator
Sanitize user input
Prevent NoSQL/SQL injection
Parameterized queries

Data Protection

Encryption at rest and in transit
Passwords hashed (never plaintext)
Environment variables for secrets
No secrets in code

Security Headers

X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Strict-Transport-Security
Content Security Policy

OWASP Top 10 Quick Reference

Broken Access Control: Verify auth on all endpoints
Cryptographic Failures: Strong encryption, proper hashing
Injection: Parameterized queries, input validation
Insecure Design: Security by design, threat modeling
Security Misconfiguration: Secure defaults, remove unused features
Vulnerable Components: Keep dependencies updated
Authentication Failures: Strong passwords, MFA, brute force protection
Integrity Failures: Secure CI/CD, code signing
Logging Failures: Comprehensive logging, monitoring
SSRF: Validate URLs, whitelist domains

Security Checklist Summary

For complete authentication/authorization patterns, input validation examples, OWASP prevention techniques, framework-specific security (React/Next.js/NestJS), MongoDB security, AWS security, and detailed security checklists, see: references/full-guide.md