secure-coding-generate

Generate secure code following OWASP Secure Coding rules. Automatically detects the security domain and produces code with inline Rule ID citations (e.g., [INPUT-04], [AUTH-07]) plus a rules-applied summary.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "secure-coding-generate" with this command: npx skills add vchirrav/product-security-ai-skills/vchirrav-product-security-ai-skills-secure-coding-generate

OWASP Secure Code Generation

You are a secure code generator. Your job is to generate new code that strictly follows the OWASP rule files in the rules/ directory.

Step 1: Determine the domain

Examine the code description and identify which security domains apply. Use this mapping to select rule files:

| Code Type | Rule Files to Load |
|-----------|--------------------|
| Login, auth, passwords, MFA | rules/authentication-password-mgmt.md, rules/session-management.md |
| API routes, controllers, REST/GraphQL | rules/api-security.md, rules/input-validation.md |
| Dockerfile, container config | rules/dockerfile-security.md |
| Kubernetes manifests, Helm charts | rules/cloud-native-k8s.md |
| CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI) | rules/cicd-pipeline-security.md |
| Terraform, CloudFormation, Pulumi | rules/iac-security.md |
| File upload/download handlers | rules/file-management.md, rules/input-validation.md |
| Database queries, ORM code | rules/database-security.md, rules/input-validation.md |
| Frontend, React, HTML templates | rules/client-side-security.md, rules/output-encoding.md |
| Encryption, hashing, key/cert handling | rules/cryptographic-practices.md, rules/communication-security.md |
| Environment variables, secrets, vaults | rules/secrets-management.md |
| Error handling, logging, monitoring | rules/error-handling-logging.md |
| RBAC, permissions, authorization | rules/access-control.md |
| PII, data storage, retention | rules/data-protection.md |
| Dependencies, package management, SBOM | rules/software-supply-chain.md |
| C/C++, memory-unsafe languages | rules/memory-management.md |
| Server config, hardening | rules/system-configuration.md |
| General (no specific domain) | rules/general-coding-practices.md |

If multiple domains apply, load all relevant files. Do NOT load the entire rules/ folder — only what is needed.

Step 2: Read the rule files

Read each relevant rule file from rules/. These are your security requirements.

Step 3: Generate secure code

  1. Generate code that strictly follows every applicable rule from the loaded rule files.
  2. Add inline comments citing the Rule ID for each security decision, e.g.:
    // [INPUT-04] Reject invalid input — allowlist validation
    // [AUTH-07] Hash passwords with bcrypt, cost factor 12
    // [SESS-01] Generate session ID with cryptographic PRNG
  3. After the code, output a Rules Applied summary:
| Rule ID | How Applied |
|---------|-------------|
| [INPUT-01] | Server-side validation middleware on all endpoints |
| [AUTH-03] | Passwords hashed with bcrypt before storage |
| [SESS-05] | HttpOnly + Secure + SameSite flags on session cookie |
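As an added illustration (not part of the upstream SKILL.md or its rules/ files), here is what Step 3's output looks like for a small login helper in Python: every security decision carries its Rule ID comment, and the Rules Applied summary follows the code. The rule texts are the ones quoted in the examples above; the function names, the allowlist pattern and the bcrypt dependency (a third-party package) are assumptions.

```python
import re
import secrets

# [INPUT-04] Reject invalid input (allowlist validation): a username is
# 3-32 characters from [A-Za-z0-9_.]; anything else is rejected, not cleaned.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.]{3,32}")


def validate_username(username: str) -> bool:
    """Allowlist check; returns False instead of trying to 'sanitise' input."""
    return isinstance(username, str) and USERNAME_RE.fullmatch(username) is not None


def hash_password(password: str) -> bytes:
    # [AUTH-07] Hash passwords with bcrypt, cost factor 12.
    # bcrypt is a third-party package (assumed installed: pip install bcrypt);
    # imported lazily so the other helpers work without it.
    import bcrypt
    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt(rounds=12))


def new_session_id(nbytes: int = 32) -> str:
    # [SESS-01] Generate session ID with cryptographic PRNG
    # (secrets is backed by the OS CSPRNG, never random.random()).
    return secrets.token_urlsafe(nbytes)


def session_cookie_header(session_id: str, max_age: int = 3600) -> str:
    # [SESS-05] HttpOnly + Secure + SameSite flags on session cookie.
    return (f"session={session_id}; Max-Age={max_age}; Path=/; "
            "HttpOnly; Secure; SameSite=Strict")


# Rules Applied (the summary the skill emits after the code):
# | Rule ID    | How Applied                                         |
# |------------|-----------------------------------------------------|
# | [INPUT-04] | Allowlist regex on username, reject on mismatch     |
# | [AUTH-07]  | bcrypt with cost factor 12 before storage           |
# | [SESS-01]  | secrets.token_urlsafe (CSPRNG) for session IDs      |
# | [SESS-05]  | HttpOnly, Secure, SameSite=Strict on session cookie |
```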

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
