Alanamultiskillagent
Back to skills

security-best-practices

security

Reviews Python, JavaScript/TypeScript, and Go codebases for security vulnerabilities using language- and framework-specific guidance. Operates in three modes: writing secure-by-default code, passively

openaiopenai
|View all openai skills →

Setup & Installation

npx skills add https://github.com/openai/security-best-practices --skill security-best-practices
or paste the link and ask your coding assistant to install it
https://github.com/openai/security-best-practices
View on GitHub

What This Skill Does

Reviews Python, JavaScript/TypeScript, and Go codebases for security vulnerabilities using language- and framework-specific guidance. Operates in three modes: writing secure-by-default code, passively flagging critical issues during development, or generating a prioritized vulnerability report on request. Instead of manually cross-referencing OWASP docs and framework-specific advisories, it loads the right reference material for your exact stack and applies it directly to your code.

When to use it

  • Working with security best practices functionality
  • Implementing security best practices features
  • Debugging security best practices related issues

Similar Skills

audit-context-building

A structured analysis skill for the pre-audit phase of code review. It guides Claude through line-by-line function analysis, cross-boundary call tracing, and invariant mapping before any vulnerability

auth0-android

Adds authentication to native Android apps using the Auth0 SDK. Supports Web Auth login/logout, biometric-protected credentials, secure token storage, passwordless login, and MFA. Works with both Kotl

auth0-angular

Adds authentication to Angular apps using the @auth0/auth0-angular SDK. Handles login/logout flows, route guards, HTTP interceptors for attaching tokens, and user profile access through observables. W

auth0-aspnetcore-api

Adds JWT access token validation to ASP.NET Core Web APIs using Auth0. It handles bearer token authentication, scope and permission checks, and supports DPoP proof-of-possession token binding. Works w