This is Claude's security-first mindset codified. It assumes hostile input by default and treats web security as a core requirement, not something you bolt on later. You get clear rules on XSS prevention, proper authentication patterns, and safe data handling across boundaries. It steers you away from dangerous patterns like dangerouslySetInnerHTML and localStorage for credentials while pushing secure defaults over flexibility. The guidance is opinionated and restrictive, which is exactly what you want when security matters. Use this when building anything that touches user data or faces the public internet.
npx skills add https://github.com/academind/ai-config --skill web-security