Description

🧑‍💻 This folder contains coding assistant rules to guide the assistant to generate "secure" code for different types of feature.

🔬 The idea is to:

1. Convert interesting proposals from the collection of proposals of this project into rules.
2. Allow me to learn how to create instructions for a coding assistant (claude code here) to allow to create secure code at the implementation time.

Rules

[!IMPORTANT]
Adapt these templates to the specific context of the application because, by default, I applied a very defensive approach. Such approach perhaps do not match the context of the application and its target security posture.

🗃️ All rules are created as skills and are stored into this folder.

📄 The convention to create a skills is specified into the CLAUDE.md file.

💡 If a skill has limitations or a specific behavior then it is documented into the metadata field named security-considerations.

Commands

✅ In Claude code use the command /validate-skill <SKILL_NAME> to validate the specified skills against conventions.

List & install skills

[!NOTE]
A bundle with all the skills is available via this file.

[!TIP]
A skills catalog is available via this file.

🧑‍💻 The tool skills can be used to list and install skills proposed by this repository:

# Refer to "https://github.com/vercel-labs/skills/blob/main/README.md" for more installation options
# List all proposed skills
npx -q skills@latest add righettod/code-assistant-skills-security-utils --list
# Install all proposed skills
npx -q skills@latest add righettod/code-assistant-skills-security-utils

References

• https://agentskills.io/specification
• https://github.com/agentskills/agentskills
• https://github.com/vercel-labs