Security

🌐Community
by alinaqi · vlatest · Repository

Identifies and mitigates potential cybersecurity threats using advanced threat intelligence and automated vulnerability scanning.

Install on your platform

The instructions below target Claude Code, one of this skill's supported platforms.

1. Run in terminal (recommended):

   claude mcp add alinaqi-security npx -- -y @trustedskills/alinaqi-security

2. Or manually add to ~/.claude/settings.json:
{
  "mcpServers": {
    "alinaqi-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/alinaqi-security"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill enforces security best practices and automated security testing for projects, ensuring a baseline level of protection against common vulnerabilities. It emphasizes preventing sensitive information (like API keys and database credentials) from being committed to repositories and provides guidance on managing environment variables securely. The core principle is that all projects must pass security checks before merging changes.

When to use it

  • When setting up new development projects to ensure secure coding practices from the start.
  • During code reviews to identify potential security risks related to exposed secrets or improper configuration.
  • To standardize environment variable management across a team or organization.
  • Before committing code to repositories, ensuring sensitive data is excluded via .gitignore.
  • When migrating existing projects to improve their overall security posture.

Key capabilities

  • Gitignore Enforcement: Defines a mandatory .gitignore file to prevent the accidental commit of environment files, secrets, IDE settings, and build outputs.
  • Environment Variable Management: Provides guidelines for creating .env.example files with required variables (without values) and distinguishes between server-side only and client-exposed environment variables.
  • Secret Exposure Prevention: Highlights the dangers of exposing secrets in client-side code and provides examples of correct implementation.
  • Environment Validation: Includes example configuration for validating environment variables at startup using Zod (TypeScript) or Pydantic (Python).
  • Pre-Commit Security Checks: Suggests integrating a secret detection tool (Yelp/detect-secrets) into pre-commit hooks.

Example prompts

  • "Create a .gitignore file with the recommended security exclusions."
  • "Show me an example of how to securely store and access my Anthropic API key in a Next.js project."
  • "What environment variables are required for this project, and where should they be stored?"

Tips & gotchas

  • Mandatory Gitignore: The .gitignore file is non-negotiable; its contents must be adhered to strictly.
  • Client-Side Exposure: Be extremely careful about which environment variables are prefixed with VITE_ or NEXT_PUBLIC_, as these will be included in the client-side bundle and potentially exposed. Always verify this in browser devtools.
  • Server-Only Secrets: Secrets should always be accessed server-side, never directly from client-side code.
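The startup validation and the client-exposure gotcha above, as an added standard-library example (not the skill's own Zod or Pydantic configuration): it reads the keys declared in a constructed .env.example, fails if any are unset, and flags secret-looking names that carry a NEXT_PUBLIC_ or VITE_ prefix. The file content, the secret-name heuristic and the NEXT_PUBLIC_ANTHROPIC_API_KEY mistake are assumptions made for the demonstration.

```python
"""Startup environment check: every key in .env.example must be set, and no
key that looks like a secret may use a prefix that ships it to the browser.
Plain-Python stand-in for the Zod/Pydantic validation the skill describes."""
import os
import re

# Prefixes that Next.js and Vite inline into the client-side bundle.
CLIENT_PREFIXES = ("NEXT_PUBLIC_", "VITE_")
# Heuristic for names that usually hold secrets (assumption for this example).
SECRET_HINT = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|DATABASE_URL)", re.I)

# Constructed sample .env.example: keys only, values intentionally empty.
EXAMPLE_FILE = """\
# Server-only
ANTHROPIC_API_KEY=
DATABASE_URL=
# Safe for the browser bundle
NEXT_PUBLIC_APP_NAME=
# Mistake: a secret under a public prefix would be exposed client-side
NEXT_PUBLIC_ANTHROPIC_API_KEY=
"""


def parse_example(text):
    """Return the variable names declared in a .env.example, in file order."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keys.append(line.split("=", 1)[0].strip())
    return keys


def validate_env(keys, environ):
    """Return a list of problems; an empty list means the check passes."""
    problems = []
    for key in keys:
        if key.startswith(CLIENT_PREFIXES) and SECRET_HINT.search(key):
            problems.append(f"{key}: secret-like name under a client-exposed prefix")
        if not environ.get(key):
            problems.append(f"{key}: missing or empty")
    return problems


if __name__ == "__main__":
    issues = validate_env(parse_example(EXAMPLE_FILE), os.environ)
    for issue in issues:
        print("env check:", issue)
    raise SystemExit(1 if issues else 0)
```

Run it as the first step of the application's start script so a missing or misprefixed variable aborts startup instead of surfacing in production.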

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: alinaqi
  • Installs: 117

Passed automated security scans.