fullstack-guardian
Full-stack web application development with integrated security controls across frontend, backend, and database layers.
Works with
0
total installs
0
this week
7.9K
GitHub stars
0
upvotes
Install Skill
Run in your terminal
0
installs
0
this week
7.9K
stars
What it does
Enforces authentication, authorization, input validation, output encoding, and parameterized queries at every layer; includes security checklist and design templates for every feature
Covers complete workflows from database to UI: REST APIs with corresponding components, CRUD operations with forms, real-time features, and end-to-end data flows
Provides reference gui
Installation Guide
How to use fullstack-guardian on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your machine
- ›Node.js 16+ with npm — verify with
node --version - ›Active project directory where you want to add
fullstack-guardian
Run the install command
Execute the skills CLI command in your project's root directory to begin installation:
Fetches fullstack-guardian from jeffallan/claude-skills and configures it for Cursor.
Select Cursor when prompted
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate fullstack-guardian. Access via /fullstack-guardian in your agent's command palette.
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Documentation
Fullstack Guardian
Security-focused full-stack developer implementing features across the entire application stack.
Core Workflow
- Gather requirements - Understand feature scope and acceptance criteria
- Design solution - Consider all three perspectives (Frontend/Backend/Security)
- Write technical design - Document approach in
specs/{feature}_design.md - Security checkpoint - Run through
references/security-checklist.mdbefore writing any code; confirm auth, authz, validation, and output encoding are addressed - Implement - Build incrementally, testing each component as you go
- Hand off - Pass to Test Master for QA, DevOps for deployment
Reference Guide
Load detailed guidance based on context:
| Topic | Reference | Load When |
|---|---|---|
| Design Template | references/design-template.md |
Starting feature, three-perspective design |
| Security Checklist | references/security-checklist.md |
Every feature - auth, authz, validation |
| Error Handling | references/error-handling.md |
Implementing error flows |
| Common Patterns | references/common-patterns.md |
CRUD, forms, API flows |
| Backend Patterns | references/backend-patterns.md |
Microservices, queues, observability, Docker |
| Frontend Patterns | references/frontend-patterns.md |
Real-time, optimization, accessibility, testing |
| Integration Patterns | references/integration-patterns.md |
Type sharing, deployment, architecture decisions |
| API Design | references/api-design-standards.md |
REST/GraphQL APIs, versioning, CORS, validation |
| Architecture Decisions | references/architecture-decisions.md |
Tech selection, monolith vs microservices |
| Deliverables Checklist | references/deliverables-checklist.md |
Completing features, preparing handoff |
Constraints
MUST DO
- Address all three perspectives (Frontend, Backend, Security)
- Validate input on both client and server
- Use parameterized queries (prevent SQL injection)
- Sanitize output (prevent XSS)
- Implement proper error handling at every layer
- Log security-relevant events
- Write the implementation plan before coding
- Test each component as you build
MUST NOT DO
- Skip security considerations
- Trust client-side validation alone
- Expose sensitive data in API responses
- Hardcode credentials or secrets
- Implement features without acceptance criteria
- Skip error handling for "happy path only"
Three-Perspective Example
A minimal authenticated endpoint illustrating all three layers:
[Backend] — Authenticated route with parameterized query and scoped response:
@router.get("/users/{user_id}/profile", dependencies=[Depends(require_auth)])
async def get_profile(user_id: int, current_user: User = Depends(get_current_user)):
if current_user.id != user_id:
raise HTTPException(status_code=403, detail="Forbidden")
# Parameterized query — no raw string interpolation
row = await db.fetchone("SELECT id, name, email FROM users WHERE id = ?", (user_id,))
if not row:
raise HTTPException(status_code=404, detail="Not found")
return ProfileResponse(**row) # explicit schema — no password/token leakage
[Frontend] — Component calls the endpoint and handles errors gracefully:
async function fetchProfile(userId: number): Promise<Profile> {
const res = await apiFetch(`/users/${userId}/profile`); // apiFetch attaches auth header
if (!res.ok) throw new Error(await res.text());
return res.json();
}
// Client-side input guard (never the only guard)
if (!Number.isInteger(userId) || userId <= 0) throw new Error("Invalid user ID");
[Security]
- Auth enforced server-side via
require_authdependency; client header is a convenience, not the gate. - Response schema (
ProfileResponse) explicitly excludes sensitive fields. - 403 returned before any DB access when IDs don't match — no timing leak via 404.
Output Templates
When implementing features, provide:
- Technical design document (if non-trivial)
- Backend code (models, schemas, endpoints)
- Frontend code (components, hooks, API calls)
- Brief security notes
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases
User Story & Requirements Generation
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Competitive Analysis
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Roadmap Prioritization
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
Make data-driven prioritization decisions faster
Stakeholder Communication
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Implementation Guide
Prerequisites
- ›Claude Desktop or compatible AI client
- ›Access to product documentation and roadmap tools (Jira, Notion, etc.)
- ›Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
- ›Stakeholder contact information and communication channels
Time Estimate
30-60 minutes to see productivity improvements
Steps
- 1Install product management skill
- 2Start with user story generation for known feature
- 3Progress to competitive analysis: research 2-3 competitors
- 4Use for roadmap prioritization: apply RICE/ICE scoring
- 5Draft stakeholder communications and refine based on feedback
- 6Build template library for recurring PM tasks
- 7Share effective prompts with product team
Common Pitfalls
- ⚠Not validating competitive research—verify facts before sharing
- ⚠Accepting user stories without involving engineering team
- ⚠Over-relying on frameworks without qualitative judgment
- ⚠Not customizing outputs to company culture and communication style
- ⚠Skipping stakeholder validation of generated requirements
Best Practices
✓ Do
- +Validate research and competitive analysis with real data
- +Collaborate with engineering when generating technical requirements
- +Customize frameworks and templates to your company context
- +Use skill for first drafts, refine with stakeholder input
- +Document successful prompt patterns for PM tasks
- +Combine AI efficiency with human judgment and intuition
✗ Don't
- −Don't publish competitive analysis without fact-checking
- −Don't finalize user stories without engineering review
- −Don't make prioritization decisions solely on AI scoring
- −Don't skip customer validation of generated requirements
- −Don't ignore company-specific context and culture
💡 Pro Tips
- ★Provide context: company goals, constraints, customer feedback
- ★Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
- ★Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
- ★Use skill for 70% generation + 30% customization to company needs
When to Use This
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
Learning Path
- 1Basic: user stories, feature specs, status updates
- 2Intermediate: competitive analysis, prioritization frameworks, PRDs
- 3Advanced: product strategy, go-to-market planning, OKR setting
- 4Expert: product vision, market positioning, business model innovation
Related Skills
grill-me
388mattpocock/skills
premortem
197parcadei/continuous-claude-v3
deslop
118cursor/plugins
framer-motion
99pproenca/dot-skills
write-a-prd
91mattpocock/skills
travel-planner
90ailabs-393/ai-labs-claude-skills
Reviews
- CChen Mensah★★★★★Dec 12, 2024
Keeps context tight: fullstack-guardian is the kind of skill you can hand to a new teammate without a long onboarding doc.
- DDaniel Kapoor★★★★★Dec 8, 2024
fullstack-guardian is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- CChen Okafor★★★★★Nov 27, 2024
Keeps context tight: fullstack-guardian is the kind of skill you can hand to a new teammate without a long onboarding doc.
- RRahul Santra★★★★★Nov 7, 2024
Useful defaults in fullstack-guardian — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- DDaniel Jain★★★★★Nov 3, 2024
fullstack-guardian is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- LLayla Haddad★★★★★Nov 3, 2024
Useful defaults in fullstack-guardian — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- PPratham Ware★★★★★Oct 26, 2024
Registry listing for fullstack-guardian matched our evaluation — installs cleanly and behaves as described in the markdown.
- JJames Bansal★★★★★Oct 22, 2024
fullstack-guardian reduced setup friction for our internal harness; good balance of opinion and flexibility.
- CChen Wang★★★★★Oct 18, 2024
We added fullstack-guardian from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- IIra Haddad★★★★★Sep 25, 2024
fullstack-guardian fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
showing 1-10 of 49
Discussion
Comments — not star reviews- No comments yet — start the thread.