software-security

A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "software-security" with this command: npx skills add cosai-oasis/project-codeguard/cosai-oasis-project-codeguard-software-security

Software Security Skill (Project CodeGuard)

This skill provides comprehensive security guidance to help AI coding agents generate secure code and prevent common vulnerabilities. It is based on Project CodeGuard, an open-source, model-agnostic security framework that embeds secure-by-default practices into AI coding workflows.

When to Use This Skill

This skill should be activated when:

  • Writing new code in any language
  • Reviewing or modifying existing code
  • Implementing security-sensitive features (authentication, cryptography, data handling, etc.)
  • Working with user input, databases, APIs, or external services
  • Configuring cloud infrastructure, CI/CD pipelines, or containers
  • Handling sensitive data, credentials, or cryptographic operations

How to Use This Skill

When writing or reviewing code:

  1. Always-Apply Rules: Some rules MUST be checked on every code operation:
  • codeguard-1-hardcoded-credentials.md - Never hardcode secrets, passwords, API keys, or tokens
  • codeguard-1-crypto-algorithms.md - Use only modern, secure cryptographic algorithms
  • codeguard-1-digital-certificates.md - Validate and manage digital certificates securely
  1. Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below:
LanguageRule Files to Apply
apexcodeguard-0-input-validation-injection.md
ccodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-data-storage.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-safe-c-functions.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
cppcodeguard-0-safe-c-functions.md
dcodeguard-0-iac-security.md
dockercodeguard-0-devops-ci-cd-containers.md, codeguard-0-supply-chain-security.md
gocodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
htmlcodeguard-0-client-side-web-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md
javacodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
javascriptcodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-supply-chain-security.md
kotlincodeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md
matlabcodeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md
perlcodeguard-0-mobile-apps.md
phpcodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
powershellcodeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md
pythoncodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
rubycodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md
rustcodeguard-0-mcp-security.md
shellcodeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md
sqlcodeguard-0-data-storage.md, codeguard-0-input-validation-injection.md
swiftcodeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md
typescriptcodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md
vlangcodeguard-0-client-side-web-security.md
xmlcodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md, codeguard-0-xml-and-serialization.md
yamlcodeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authorization-access-control.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-logging.md, codeguard-0-privacy-data-protection.md, codeguard-0-supply-chain-security.md
  1. Proactive Security: Don't just avoid vulnerabilities-actively implement secure patterns:
  • Use parameterized queries for database access
  • Validate and sanitize all user input
  • Apply least-privilege principles
  • Use modern cryptographic algorithms and libraries
  • Implement defense-in-depth strategies

CodeGuard Security Rules

The security rules are available in the rules/ directory.

Usage Workflow

When generating or reviewing code, follow this workflow:

1. Initial Security Check

Before writing any code:

  • Check: Will this handle credentials? → Apply codeguard-1-hardcoded-credentials
  • Check: What language am I using? → Identify applicable language-specific rules
  • Check: What security domains are involved? → Load relevant rule files

2. Code Generation

While writing code:

  • Apply secure-by-default patterns from relevant Project CodeGuard rules
  • Add security-relevant comments explaining choices

3. Security Review

After writing code:

  • Review against implementation checklists in each rule
  • Verify no hardcoded credentials or secrets
  • Validate that all the rules have been successfully followed when applicable.
  • Explain which security rules were applied
  • Highlight security features implemented

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

software-security

No summary provided by upstream source.

Repository SourceNeeds Review
11-project-codeguard
Security

compliance-evidence-assembler

把审计所需证据整理成目录、清单和缺失项,便于后续评审。;use for compliance, evidence, audit workflows;do not use for 伪造证据, 替代正式审计结论.

Archived SourceRecently Updated
--52yuanchangxing
Security

skillguard-hardened

Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI intent review, then recommends pass, warn, block, or quarantine.

Archived SourceRecently Updated
--2404589803
Security

api-contract-auditor

审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.

Archived SourceRecently Updated
--52yuanchangxing