Senior Security
Apply senior-level cryptography and application-security patterns while implementing auth, data protection, and secure code structure in a real codebase.
Overview
senior-security is an agent skill most often used in Ship (also Build backend, Operate secrets posture) that guides cryptography implementation and application-security patterns for production code.
Install
npx skills add https://github.com/davila7/claude-code-templates --skill senior-securityWhat is this skill?
- Cryptography implementation overview with pattern-based guidance for production code
- Documented security best practices: input validation, authentication, authorization, and data protection
- Code organization and performance considerations framed for security-sensitive modules
- Anti-patterns section calling out what not to do in crypto and security design
- TypeScript-oriented implementation examples for reusable security structures
Adoption & trust: 740 installs on skills.sh; 27.8k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are implementing crypto or auth in your product but lack a consistent senior-security playbook and keep drifting into insecure shortcuts.
Who is it for?
Indie builders shipping customer-facing software who want agent-assisted secure coding structure beyond generic lint rules.
Skip if: Teams needing formal penetration-test reports, compliance certification automation, or security skills with zero hands-on coding context.
When should I use this skill?
You are implementing or reviewing cryptography, authentication, authorization, or data protection in application code.
What do I get? / Deliverables
Your agent proposes structured security patterns, validated inputs, and explicit anti-pattern avoidance aligned with the skill’s cryptography and appsec sections.
- Security-oriented code patterns and module structure recommendations
- Documented anti-pattern avoidance notes for crypto and access control
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Ship/security is the canonical shelf because the skill emphasizes secure implementation, validation, and anti-patterns right before and after code reaches users. Security subphase matches cryptography implementation, authn/z guidance, and explicit security best-practice sections in the skill body.
Where it fits
Structure encryption and token handling modules before exposing new API routes.
Apply input validation and authorization patterns during pre-launch security pass.
Revisit secrets and data-protection trade-offs after a production incident.
How it compares
Use as an in-agent security engineering playbook, not as a substitute for dedicated SAST/DAST tools or a managed secrets platform.
Common Questions / FAQ
Who is senior-security for?
Solo and small-team developers implementing cryptography, authentication, and data protection in TypeScript-friendly stacks with agent assistance.
When should I use senior-security?
During Build on backend integrations, at Ship for security hardening before launch, and in Operate when revisiting secrets handling and data-protection fixes.
Is senior-security safe to install?
It provides advisory patterns only; review the Security Audits panel on this page and never treat any skill as a formal security audit.
SKILL.md
READMESKILL.md - Senior Security
# Cryptography Implementation ## Overview This reference guide provides comprehensive information for senior security. ## Patterns and Practices ### Pattern 1: Best Practice Implementation **Description:** Detailed explanation of the pattern. **When to Use:** - Scenario 1 - Scenario 2 - Scenario 3 **Implementation:** ```typescript // Example code implementation export class Example { // Implementation details } ``` **Benefits:** - Benefit 1 - Benefit 2 - Benefit 3 **Trade-offs:** - Consider 1 - Consider 2 - Consider 3 ### Pattern 2: Advanced Technique **Description:** Another important pattern for senior security. **Implementation:** ```typescript // Advanced example async function advancedExample() { // Code here } ``` ## Guidelines ### Code Organization - Clear structure - Logical separation - Consistent naming - Proper documentation ### Performance Considerations - Optimization strategies - Bottleneck identification - Monitoring approaches - Scaling techniques ### Security Best Practices - Input validation - Authentication - Authorization - Data protection ## Common Patterns ### Pattern A Implementation details and examples. ### Pattern B Implementation details and examples. ### Pattern C Implementation details and examples. ## Anti-Patterns to Avoid ### Anti-Pattern 1 What not to do and why. ### Anti-Pattern 2 What not to do and why. ## Tools and Resources ### Recommended Tools - Tool 1: Purpose - Tool 2: Purpose - Tool 3: Purpose ### Further Reading - Resource 1 - Resource 2 - Resource 3 ## Conclusion Key takeaways for using this reference guide effectively. # Penetration Testing Guide ## Overview This reference guide provides comprehensive information for senior security. ## Patterns and Practices ### Pattern 1: Best Practice Implementation **Description:** Detailed explanation of the pattern. **When to Use:** - Scenario 1 - Scenario 2 - Scenario 3 **Implementation:** ```typescript // Example code implementation export class Example { // Implementation details } ``` **Benefits:** - Benefit 1 - Benefit 2 - Benefit 3 **Trade-offs:** - Consider 1 - Consider 2 - Consider 3 ### Pattern 2: Advanced Technique **Description:** Another important pattern for senior security. **Implementation:** ```typescript // Advanced example async function advancedExample() { // Code here } ``` ## Guidelines ### Code Organization - Clear structure - Logical separation - Consistent naming - Proper documentation ### Performance Considerations - Optimization strategies - Bottleneck identification - Monitoring approaches - Scaling techniques ### Security Best Practices - Input validation - Authentication - Authorization - Data protection ## Common Patterns ### Pattern A Implementation details and examples. ### Pattern B Implementation details and examples. ### Pattern C Implementation details and examples. ## Anti-Patterns to Avoid ### Anti-Pattern 1 What not to do and why. ### Anti-Pattern 2 What not to do and why. ## Tools and Resources ### Recommended Tools - Tool 1: Purpose - Tool 2: Purpose - Tool 3: Purpose ### Further Reading - Resource 1 - Resource 2 - Resource 3 ## Conclusion Key takeaways for using this reference guide effectively. # Security Architecture Patterns ## Overview This reference guide provides comprehensive information for senior security. ## Patterns and Practices ### Pattern 1: Best Practice Implementation **Description:** Detailed explanation of the pattern. **When to Use:** - Scenario 1 - Scenario 2 - Scenario 3 **Implementation:** ```typescript // Example code implementation export class Example { // Implementation details } ``` **Benefits:** - Benefit 1 - Benefit 2 - Benefit 3 **Trade-offs:** - Consider 1 - Consider 2 - Consider 3 ### Pattern 2: Advanced Technique **Description:** Another important pattern for senior security. **Implementation:** ```typescript // Advanced example async function advancedExample() { // Code here } ``` ## G