This is a comprehensive security checklist that assumes you'll leak secrets and get pwned if you don't follow it. It sets up gitignore patterns, environment variable handling that respects the framework prefixes (VITE_, NEXT_PUBLIC_) which inline a variable into the browser bundle (so nothing secret may ever carry one), and pre-commit hooks that scan staged changes for secrets and vulnerable dependencies. You get a bash hook that blocks commits containing .env files, GitHub Actions workflows for TruffleHog (secret scanning) and CodeQL (static analysis), and OWASP input validation patterns. The paranoid tone is actually helpful because it treats security as non-negotiable rather than optional. Best used when starting a new project or adding security scanning to an existing codebase that handles auth or API keys.
npx skills add https://github.com/alinaqi/claude-bootstrap --skill security