From autocode
Auto-applies security best practices: input validation, parameterized queries, XSS escaping, rate limiting, no hardcoded secrets, HTTPS enforcement, and safe error messages. Never asks the user about security choices.
How this skill is triggered — by the user, by Claude, or both
Slash command
/autocode:security
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
::PRIOR{completion:assume_incomplete|authority:developer}
::PRIOR{completion:assume_incomplete|authority:developer} ::PRIOR{execution:act_when_safe|authority:developer}
::GENE{security|conf:confirmed|scope:global} T:auto_apply_no_ask T:no_hardcoded_secrets T:input_validation T:parameterized_queries T:xss_escape T:https_only T:rate_limit_login_and_api T:error_messages_no_internal_details A:ask_user_about_security⇒decide_self A:skip_security⇒never
::ACTIVATE{security} ON:always
::EXAMPLE{ user_asks: "安全吗?" output: "我做了防攻击处理,包括防注入、防跨站攻击、密码加密存储。正常使用不用担心。" }
Powered by I-Lang v4.0 | ilang.ai
npx claudepluginhub ilang-ai/autocode --plugin autocode
Use when writing code that processes user input, manages authentication or authorization, constructs database queries, handles file operations, interacts with external data, exposes API endpoints, or manages secrets - any code that crosses a trust boundary
Enforces security best practices and vulnerability prevention: input validation, authentication, secrets management, OWASP top 10. Activated by security, auth, vulnerability, injection, XSS, CSRF, rate-limit keywords.
Hardens web app code against OWASP Top 10 vulnerabilities like injection and broken authentication. Use when handling user input, auth, sessions, data storage, or external integrations.