This skill walks through the OWASP Top 10 with side-by-side code comparisons showing vulnerable patterns and their fixes. You get examples for everything from broken access control and IDOR prevention to SQL injection, cryptographic failures, and rate limiting. The parameterized query examples alone are worth having on hand when you're doing security reviews or onboarding someone who hasn't seen an injection attack. It covers TypeScript/Node.js with real libraries like bcrypt, helmet, and zod, so you can actually copy patterns into your codebase. Honestly, it is most useful as a reference when you know something is wrong but need to remember the correct way to handle session cookies or encrypt sensitive data.
npx skills add https://github.com/hoodini/ai-agents-skills --skill owasp-security