This is your go-to when you need to implement auth flows, hash passwords with bcrypt, set up JWTs, or harden endpoints against the OWASP Top 10. It ships with working examples for parameterized queries, Zod validation, rate limiting, and security headers, plus explicit validation checkpoints so you can actually test for SQL injection and privilege escalation before shipping. The constraint list is helpful: it forces bcrypt over MD5, parameterized queries over string interpolation, and secrets kept in environment variables. One thing that stands out is the full-flow endpoint example that ties everything together, from input validation through to httpOnly cookies. If you're writing custom security code rather than plugging in an auth provider, this keeps you from missing the obvious holes.
npx skills add https://github.com/jeffallan/claude-skills --skill secure-code-guardian