Security Skill
The security skill gives Claude deep knowledge of web security — CSP, XSS prevention, CORS, input validation, and security headers.
When It’s Active
Activated automatically when configuring security headers, preventing XSS, setting up CORS, or handling secrets.
What It Teaches Claude
- Security headers (CSP, X-Frame-Options, HSTS, Referrer-Policy, Permissions-Policy)
- XSS prevention (textContent over innerHTML, sanitization, CSP)
- Input validation server-side with Zod
- CORS configuration with specific origins
- Environment variables and secrets management