web-security
Enforce web security and avoid security vulnerabilities
Packaged view
This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.
Stars: 2
Hot score: 79
Updated: March 20, 2026
Overall rating: C (0.6)
Composite score: 0.6
Best-practice grade: B (77.6)
Install command
npx @skill-hub/cli install academind-ai-config-web-security
Repository
academind/ai-config
Skill path: skills/web-security
Best for
Primary workflow: Run DevOps.
Technical facets: Full Stack, Security.
Target audience: everyone.
License: Unknown.
Original source
Catalog source: SkillHub Club.
Repository owner: academind.
This is still a mirrored public skill entry. Review the repository before installing into production workflows.
What it helps with
- Install web-security into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
- Review https://github.com/academind/ai-config before adding web-security to shared team environments
- Use web-security for development workflows
Works across
Claude Code, Codex CLI, Gemini CLI, OpenCode
Favorites: 0.
Sub-skills: 0.
Aggregator: No.
Original source / Raw SKILL.md
---
name: web-security
description: Enforce web security and avoid security vulnerabilities
---

# Web Security

We treat **web security as a core requirement**, not an afterthought. Assume hostile input and untrusted environments by default.

## Core Principles

- **NEVER** trust user input
- **ALWAYS** validate and sanitize data at boundaries
- Prefer secure defaults over configurability

## XSS & Injection

- **AVOID** `dangerouslySetInnerHTML` and raw HTML injection
- Escape and encode dynamic content properly
- Never interpolate untrusted data into HTML, CSS, or JS contexts
- Ensure SQL injection protection

## Authentication & Authorization

- Do not store secrets or tokens in insecure locations
- **AVOID** localStorage for sensitive credentials when possible
- Use HTTP-only, secure cookies where applicable
- Always enforce authorization on the server

## Browser Security APIs

- Respect CORS, CSP, and browser security boundaries
- Use Content Security Policy to restrict script and resource execution
- Avoid inline scripts and styles when CSP is enabled

## Data Handling

- Minimize data exposure
- Do not log sensitive information

## Dependencies & Supply Chain

- Avoid unnecessary packages
- Treat third-party code as untrusted input

## General Principles

- Simplicity reduces attack surface
- If unsure, choose the more restrictive option