This skill implements environment-aware error handling that shows full stack traces in development but returns generic messages in production, preventing the information leakage that attackers use for reconnaissance. You get five handlers for different HTTP status codes: handleApiError for 500s, handleValidationError for 400s, handleForbiddenError for 403s, handleUnauthorizedError for 401s, and handleNotFoundError for 404s. All errors are logged server-side with full context, while clients see only safe messages. The approach is straightforward and solves a real problem: detailed error messages that reveal database schemas, file paths, dependency versions, and system info make attacks easier. Use this in any API route where you're catching errors and want to stop leaking implementation details to users.
npx skills add https://github.com/harperaa/secure-claude-skills --skill secure-error-handling
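
The pattern described above, as an added sketch that is not the skill's own code: the five handler names come from the description, while the `(err, context, env, logger)` signature, the response shape, the `errorId` correlation field and the fail-closed environment check are assumptions made for illustration.

```javascript
// Added illustration. Handler names are from the page; the signature
// (err, context, env, logger), the response shape and errorId are assumptions.
let seq = 0;
const nextErrorId = () => `${Date.now().toString(36)}-${(seq++).toString(36)}`;

function makeHandler(status, safeMessage) {
  return function handle(err, context = {}, env = process.env.NODE_ENV, logger = console.error) {
    const errorId = nextErrorId();
    // Server side: always log full context, keyed by errorId for correlation.
    logger({ errorId, status, context, message: err?.message, stack: err?.stack });
    // Client side: generic message plus the correlation id only.
    const body = { error: safeMessage, errorId };
    // Fail closed: detail is exposed only when env is exactly 'development',
    // so an unset or misspelled NODE_ENV behaves like production.
    if (env === 'development') {
      body.detail = err?.message;
      body.stack = err?.stack;
    }
    return { status, body };
  };
}

const handleApiError = makeHandler(500, 'Internal server error');
const handleValidationError = makeHandler(400, 'Invalid request');
const handleUnauthorizedError = makeHandler(401, 'Authentication required');
const handleForbiddenError = makeHandler(403, 'Access denied');
const handleNotFoundError = makeHandler(404, 'Resource not found');

// Constructed sample error of the kind that leaks schema names and file paths.
const sampleError = new Error('relation "users_v2" does not exist (/srv/app/db/query.js:41)');

// Runs the same error through three environments and captures the server log.
function demo() {
  const logged = [];
  const log = (entry) => logged.push(entry);
  const ctx = { route: '/api/orders', userId: 'u_123' }; // constructed context
  return {
    prod: handleApiError(sampleError, ctx, 'production', log),
    unset: handleApiError(sampleError, ctx, '', log),
    dev: handleApiError(sampleError, ctx, 'development', log),
    logged,
  };
}
```

The `errorId` returned to the client matches the one in the server log entry, so a support request can be tied to the full stack trace without the trace ever leaving the server.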