From lt-dev
Framework-agnostic frontend security guide based on OWASP Secure Coding Practices. Covers XSS prevention, CSRF protection, Content Security Policy (CSP), secure cookie configuration, client-side authentication patterns, input validation, secure storage, and security headers. Activates for security audits, vulnerability reviews, XSS, CSRF, CSP, injection, security headers, or browser security questions in any web application. NOT for backend/NestJS security (use generating-nest-servers). NOT for Nuxt-specific implementation (use developing-lt-frontend).
Slash command: /lt-dev:general-frontend-security
Framework-agnostic security practices for web applications based on OWASP guidelines.
| User Intent | Correct Skill |
|---|---|
| "XSS prevention best practices" | THIS SKILL |
| "Security audit of frontend" | THIS SKILL |
| "Configure CSP headers" | THIS SKILL |
| "Build a secure login page in Nuxt" | developing-lt-frontend |
| "Fix @Restricted decorator in NestJS" | generating-nest-servers |
| "Run npm audit fix" | maintaining-npm-packages |
| Command | Purpose |
|---|---|
| /lt-dev:review | General security review of branch diff (framework-agnostic) |
| /lt-dev:backend:sec-review | Security review of backend code changes (auth, decorators, models) |
| /lt-dev:backend:sec-audit | Full OWASP security audit (dependencies, config, code) |
| Framework | Reference File |
|---|---|
| Nuxt/Vue | See developing-lt-frontend skill (reference/security.md) |
| Angular | angular-security.md |
- innerHTML with user input; use textContent or DOMPurify
- SameSite cookies
- pnpm audit

Complete OWASP reference with code examples: owasp-reference.md
npx claudepluginhub lennetech/claude-code --plugin lt-dev