csrf AI Agent Skills
Browse 84 skills related to csrf
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
django-security
Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
clerk-auth
Clerk auth with API Keys beta (Dec 2025), Next.js 16 proxy.ts (March 2025 CVE context), API version 2025-11-10 breaking changes, clerkMiddleware() options, webhooks, production considerations (GCP outages), and component reference. Prevents 15 documented errors. Use when: API keys for users/orgs, Next.js 16 middleware filename, troubleshooting JWKS/CSRF/JWT/token-type-mismatch errors, webhook verification, user type inconsistencies, or testing with 424242 OTP.
csrf-protection-validator
Csrf Protection Validator - Auto-activating skill for Security Fundamentals. Triggers on: csrf protection validator, csrf protection validator Part of the Security Fundamentals skill category.
csrf-testing
CSRF跨站请求伪造测试的专业技能和方法论
hono-routing
Build type-safe APIs with Hono for Cloudflare Workers, Deno, Bun, Node.js. Routing, middleware, validation (Zod/Valibot), RPC, streaming (SSE), WebSocket, security (CSRF, secureHeaders). Use when: building Hono APIs, streaming SSE, WebSocket, validation, RPC. Troubleshoot: validation hooks, RPC types, middleware chains, JWT verify algorithm required (v4.11.4+), body consumed errors.
wordpress-plugin-core
Build secure WordPress plugins with hooks, database interactions, Settings API, custom post types, and REST API. Covers Simple, OOP, and PSR-4 architecture patterns plus the Security Trinity. Includes WordPress 6.7-6.9 breaking changes. Use when creating plugins or troubleshooting SQL injection, XSS, CSRF, REST API vulnerabilities, wpdb::prepare errors, nonce edge cases, or WordPress 6.8+ bcrypt migration.
MCP OAuth Cloudflare
Add OAuth authentication to MCP servers on Cloudflare Workers. Uses @cloudflare/workers-oauth-provider with Google OAuth for Claude.ai-compatible authentication. Prevents 9 documented errors including RFC 8707 audience bugs, Claude.ai connection failures, and CSRF vulnerabilities. Use when building MCP servers that need user authentication, implementing Dynamic Client Registration (DCR) for Claude.ai, or replacing static auth tokens with OAuth flows. Includes workarounds for production redirect URI mismatches and re-auth loop issues.
flask
Build Python web apps with Flask using application factory pattern, Blueprints, and Flask-SQLAlchemy. Prevents 9 documented errors including stream_with_context teardown issues, async/gevent conflicts, and CSRF cache problems. Use when: creating Flask projects, organizing blueprints, or troubleshooting circular imports, context errors, registration, streaming, or authentication.
phase-7-seo-security
Skill for enhancing search optimization (SEO) and security. Covers meta tags, semantic HTML, and security vulnerability checks. Use proactively when user asks about search ranking, security hardening, or vulnerability fixes. Triggers: SEO, security, meta tags, XSS, CSRF, 보안, セキュリティ, 安全, seguridad, etiquetas meta, optimización de búsqueda, sécurité, balises méta, optimisation pour les moteurs de recherche, Sicherheit, Meta-Tags, Suchmaschinenoptimierung, sicurezza, tag meta, ottimizzazione per i motori di ricerca Do NOT use for: backend-only APIs, internal tools, or basic development setup.
tool-better-auth
Use when implementing authentication with Better Auth in a TypeScript/Next.js app (session strategy, providers, cookies, CSRF, redirects, middleware, and security best practices).
code-review
Frontend-focused code review skill for React/TypeScript/Tailwind projects. Analyzes code quality, security vulnerabilities (XSS, CSRF), performance issues, accessibility (WCAG), React best practices, hooks usage, component architecture, responsive design, and SEO. Use when users request code review, want feedback on components, ask about frontend security, performance optimization, or accessibility compliance. Provides actionable feedback with severity levels and fix suggestions.
TypeScript Security Review
Provides a comprehensive security review capability for TypeScript and Node.js applications. It validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use this when performing security audits, before deployment, when reviewing authentication/authorization implementations, or when ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
owasp-security
Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.
PHP Security Patterns
Use when essential PHP security patterns including input validation, SQL injection prevention, XSS protection, CSRF tokens, password hashing, secure session management, and defense-in-depth strategies for building secure PHP applications.
session-management
Implement secure session management systems with JWT tokens, session storage, token refresh, logout handling, and CSRF protection. Use when managing user authentication state, handling token lifecycle, and securing sessions.
csrf-protection
Implement Cross-Site Request Forgery (CSRF) protection using tokens, SameSite cookies, and origin validation. Use when building forms and state-changing operations.
security-testing
Identify security vulnerabilities through SAST, DAST, penetration testing, and dependency scanning. Use for security test, vulnerability scanning, OWASP, SQL injection, XSS, CSRF, and penetration testing.
security-patterns
Implement comprehensive security patterns to protect applications against OWASP Top 10 vulnerabilities including XSS, CSRF, SQL injection, authentication bypass, and data exposure. Use when handling user data, implementing authentication and authorization, validating input, encrypting sensitive data, preventing injection attacks, securing API endpoints, managing sessions and tokens, implementing rate limiting, configuring security headers, or building security-critical features that require defense-in-depth protection.
security-django
Review Django security audit patterns for settings and middleware. Use for auditing SECRET_KEY, DEBUG, CSRF, and auth decorators. Use proactively when reviewing Django apps (settings.py or manage.py present). Examples: - user: "Audit my Django settings.py" → check SECRET_KEY, DEBUG, and ALLOWED_HOSTS - user: "Check Django views for auth" → verify @login_required and permission classes - user: "Review Django CSRF config" → check middleware and @csrf_exempt usage - user: "Scan for SQL injection in Django" → find raw SQL usage instead of ORM - user: "Audit Django REST framework config" → check default permissions and auth
OWASP ZAP Security Scanner
Automated web application security scanning using OWASP ZAP for finding XSS, SQL injection, CSRF, and other OWASP Top 10 vulnerabilities.
csrf-protection
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
Cybersecurity
Security engineering that protects applications, data, and users from real-world threats. Use when the following terms are mentioned: security, authentication, authorization, encryption, OWASP, vulnerability, XSS, SQL injection, CSRF, secrets, password, JWT, OAuth, permissions, audit, compliance.
rails-ai:security
CRITICAL - Use when securing Rails applications - XSS, SQL injection, CSRF, file uploads, command injection prevention
security
One breach = game over. Threat modeling, OWASP Top 10, secure coding, security architecture, zero trust. The complete security skill for protecting your application from day one. Security isn't a feature you add later - it's a mindset that shapes every decision. This skill covers application security, not infrastructure security. Use when "security, owasp, xss, sql injection, csrf, authentication, authorization, secrets, api key, vulnerability, secure coding, security headers, rate limiting, input validation, sanitize, escape, security, owasp, authentication, authorization, vulnerabilities, secure-coding" mentioned.
security-owasp
Expert at securing web applications against OWASP Top 10 vulnerabilities. Covers authentication, authorization, input validation, XSS prevention, CSRF protection, secure headers, and security testing. Treats security as a first-class requirement, not an afterthought. Use when "security, OWASP, XSS, CSRF, SQL injection, authentication security, authorization, input validation, secure headers, vulnerability, penetration testing, security, owasp, authentication, authorization, xss, csrf, injection, headers" mentioned.
security-hardening
World-class application security - OWASP Top 10, secure coding patterns, and the battle scars from security incidents that could have been preventedUse when "security, secure, vulnerability, injection, xss, csrf, authentication, authorization, owasp, encryption, secret, password, token, sanitize, validate, escape, encode, harden, security, owasp, injection, xss, csrf, authentication, authorization, encryption, secrets, hardening" mentioned.
wordpress-plugin-core
Build secure WordPress plugins with core patterns for hooks, database interactions, Settings API, custom post types, REST API, and AJAX. Covers three architecture patterns (Simple, OOP, PSR-4) and the Security Trinity. Use when creating plugins, implementing nonces/sanitization/escaping, working with $wpdb prepared statements, or troubleshooting SQL injection, XSS, CSRF vulnerabilities, or plugin activation errors.
clerk-auth
Clerk auth with API version 2025-11-10 breaking changes (billing endpoints, payment_source→payment_method), Next.js v6 async auth(), PKCE for custom OAuth, credential stuffing defense. Use when: troubleshooting "Missing Clerk Secret Key", JWKS errors, authorizedParties CSRF, JWT size limits (1.2KB), 431 header errors (Vite dev mode), or testing with 424242 OTP.
agentic-jumpstart-security
Security best practices for TanStack Start applications with React 19, Drizzle ORM, PostgreSQL, Stripe, OAuth, and AWS S3/R2. Use when writing secure code, implementing authentication, handling payments, protecting API endpoints, validating input, preventing XSS/CSRF/SQL injection, or when the user mentions security, vulnerabilities, or authentication.
security
Security guidelines for secure coding and code review. This skill should be used when architecting/designing systems, writing code, or reviewing code. Use proactively when discussing vulnerabilities, OWASP, injection attacks, XSS, CSRF, SQL injection, authentication, authorization, access control, encryption, secrets management, input validation, or secure coding practices. (user)
fiber-routing-and-csrf-protection
Focuses on routing, CSRF protection, context handling, and template usage within the internal handlers directory.
wordpress-security-validation
Security-first WordPress development with nonces, sanitization, validation, and escaping to prevent XSS, CSRF, and SQL injection vulnerabilities.
Top 100 Web Vulnerabilities Reference
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
salvo-csrf
Implement CSRF (Cross-Site Request Forgery) protection using cookie or session storage. Use for protecting forms and state-changing endpoints.
Auth Security Reviewer
Reviews authentication and authorization implementation for session management, CSRF, cookie security, and auth flow vulnerabilities with findings, severity assessment, and fix recommendations. Use for "auth review", "session security", "CSRF protection", or "authentication audit".
Auth Module Builder
Implements secure authentication patterns including login and registration, session management, JWT access and refresh tokens, password hashing, cookie configuration, and CSRF protection. Provides authentication routes, middleware, security configurations, and threat-model documentation. Use when building authentication, a login system, JWT-based auth, or session management.
owasp-zap
Assists with finding security vulnerabilities in web applications using OWASP ZAP. Use when configuring automated scans, writing scan policies, integrating security scanning into CI/CD pipelines, or analyzing results for OWASP Top 10 vulnerabilities like XSS, SQL injection, and CSRF. Trigger words: owasp zap, security scan, vulnerability scanner, penetration testing, zap-baseline, active scan, passive scan.
WordPress Plugin Core
This skill provides comprehensive knowledge for WordPress plugin development, covering core patterns, security best practices, database interactions, hooks/filters, Settings API, custom post types, REST API, and AJAX. This skill should be used when creating WordPress plugins, troubleshooting security issues, implementing custom post types/taxonomies, building admin interfaces, or working with the WordPress database. Use when: Creating new WordPress plugins, implementing nonces/sanitization/escaping, working with $wpdb and prepared statements, building Settings API pages, registering custom post types or taxonomies, implementing REST API endpoints, handling AJAX requests, debugging plugin activation/deactivation issues, preventing SQL injection/XSS/CSRF vulnerabilities. Keywords: wordpress plugin development, wordpress security, wordpress hooks, wordpress filters, wordpress database, wpdb prepare, sanitize_text_field, esc_html, wp_nonce, custom post type, register_post_type, settings api, rest api, admin-ajax, wordpress sql injection, wordpress xss, wordpress csrf, plugin header, activation hook, deactivation hook, wordpress coding standards, wordpress plugin architecture
performing-security-testing
Automate security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues. Use when performing security assessments, penetration tests, or vulnerability scans. Trigger with phrases like "scan for vulnerabilities", "test security", or "run penetration test".
security-expert
Assuming OWASP fundamentals, design, implement, and review without dropping secure-by-default controls (input validation/authorization/secrets/audit logs/SSR/CSRF, etc.). Identify threats and attack surfaces and use least privilege and safe-failure principles to protect.
validating-csrf-protection
Validate CSRF protection implementations for security gaps. Use when reviewing form security or state-changing operations. Trigger with 'validate CSRF', 'check CSRF protection', or 'review token security'.
security-patterns
Security patterns and OWASP guidelines. Triggers on: security review, OWASP, XSS, SQL injection, CSRF, authentication, authorization, secrets management, input validation, secure coding.
sinatra-security
Security best practices for Sinatra applications including input validation, CSRF protection, and authentication patterns. Use when hardening applications or conducting security reviews.
form-security
Security patterns for web forms including autocomplete attributes for password managers, CSRF protection, XSS prevention, and input sanitization. Use when implementing authentication forms, payment forms, or any form handling sensitive data.
Spring Boot Security
Spring Security 7 implementation for Spring Boot 4. Use when configuring authentication, authorization, OAuth2/JWT resource servers, method security, or CORS/CSRF. Covers the mandatory Lambda DSL migration, SecurityFilterChain patterns, @PreAuthorize, and password encoding. For testing secured endpoints, see spring-boot-testing skill.
security-checklist
This skill should be used for OWASP, security review, authentication, XSS, SQL injection prevention, CSRF, input validation, secure coding, vulnerability scanning
security-django
Review Django security audit patterns for settings and middleware. Use for auditing SECRET_KEY, DEBUG, CSRF, and auth decorators. Use proactively when reviewing Django apps (settings.py or manage.py present). Examples: - user: "Audit my Django settings.py" → check SECRET_KEY, DEBUG, and ALLOWED_HOSTS - user: "Check Django views for auth" → verify @login_required and permission classes - user: "Review Django CSRF config" → check middleware and @csrf_exempt usage - user: "Scan for SQL injection in Django" → find raw SQL usage instead of ORM - user: "Audit Django REST framework config" → check default permissions and auth