Summary
A solid starting point for locking down web apps with the usual suspects: Helmet for security headers, CSRF tokens, JWT auth with refresh rotation, and input sanitization through Joi and DOMPurify. It tackles the OWASP Top 10 with parameterized queries for SQL injection prevention and rate limiting for DDoS protection. Best used when spinning up a new project or doing a security audit on something public-facing. The implementation is Express-focused, so if you're on a different stack you'll need to adapt the patterns. It won't catch everything, but it covers the fundamentals that trip up most teams and gives you a checklist to work from.
Install to Claude Code
npx -y skills add supercent-io/skills-template --skill security-best-practices --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
