This is your pre-deployment security checklist in runnable form. It walks you through testing CSRF protection (token validation, reuse prevention), rate limiting (verifying that 429 responses kick in after the threshold), input sanitization (XSS, length checks), security headers (CSP, X-Frame-Options), and auth boundaries. The real value is the copy-paste curl commands and automated test scripts that let you verify everything actually works before you ship. It's built around Node.js apps using Clerk for auth and assumes you've already implemented the security features. Think of it as the verification step, not the implementation guide. If you're deploying without testing your rate limits or CSRF tokens, this gives you the commands to prove they're working.
npx skills add https://github.com/harperaa/secure-claude-skills --skill security-testing-verification