secure▌

Custom security implementations for authentication, authorization, input validation, and OWASP Top 10 vulnerability prevention. \n \n Covers password hashing (bcrypt/argon2), parameterized SQL queries, JWT validation, and rate limiting with explicit code examples \n Includes validation checkpoints for authentication (brute-force, session fixation, token expiration), authorization (privilege escalation), input handling (SQL injection, XSS), and security headers \n Enforces must-do constraints: ha

Use this skill to turn a cloud server into a safely reachable web host without leaning on stale distro-specific memory or outdated Debian-10-era tutorials.

For conceptual questions ("How does Ownable work?"), explain without generating code. For implementation requests, proceed with the workflow below.

This skill is for securing your app's code and data. For regulatory compliance (HIPAA, SOC 2, GDPR), use compliance. For pre-launch readiness checks, use go-live. For environment variable setup during deployment, use deploy. For database-level security (Row Level Security), use database.

Smart contract security review through Trail of Bits' 5-step workflow with automated scanning, visual analysis, and property documentation. \n \n Runs Slither with 70+ detectors to identify known vulnerabilities, then checks for special features like upgradeability risks, ERC conformance, and token integration patterns \n Generates three security diagrams (inheritance graph, function visibility, state variable authorization) to reveal architectural vulnerabilities that text descriptions miss \n

Use this skill for the conservative "deploy first, expose later" pattern for OpenClaw on a cloud server.