This skill brings Spatie's battle-tested security checklist into your workflow when you're configuring apps, reviewing code, or hardening servers. It covers the fundamentals that are easy to forget under deadline pressure: CSRF tokens in forms, SSL everywhere, proper HTTP verbs for destructive actions, hashed passwords, encrypted API keys, SSH key-only authentication, and firewall rules that actually lock things down. The guidance is opinionated in a good way, such as insisting on separate database users per database and managing servers through Ansible for quick access revocation. It won't teach you security from scratch, but it's a solid reference for teams who want to align on practical standards without writing their own security policy doc.
npx skills add https://github.com/spatie/guidelines-skills --skill spatie-security