Java CWE Security Skills Collection

53 AI-ready security remediation guides for Java vulnerabilities

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "Java CWE Security Skills Collection" with this command: npx skills add DevelopersCoffee/java-cwe-security-skills

Java CWE Security Skills Collection

Use this skill when fixing Java security vulnerabilities, remediating SAST findings, or resolving CWE issues.

Quick Install

npx skills add DevelopersCoffee/java-cwe-security-skills --all

What is Included

53 deterministic remediation patterns for CWEs in Java.

Skills by Category

Critical - Injection

  • CWE-89: SQL Injection
  • CWE-79: Cross-Site Scripting
  • CWE-78: OS Command Injection
  • CWE-94: Code Injection

Critical - Authentication

  • CWE-287: Improper Authentication
  • CWE-306: Missing Authentication
  • CWE-284: Improper Access Control

High - Cryptography

  • CWE-327: Broken Crypto Algorithm
  • CWE-328: Weak Hash
  • CWE-330: Insufficient Randomness

High - Data Exposure

  • CWE-200: Information Exposure
  • CWE-209: Error Message Exposure
  • CWE-532: Log Injection

Medium - Input Validation

  • CWE-22: Path Traversal
  • CWE-611: XXE Injection
  • CWE-502: Insecure Deserialization

Medium - Resource Management

  • CWE-400: Resource Exhaustion
  • CWE-770: Resource Allocation Limits

Repository

https://github.com/DevelopersCoffee/java-cwe-security-skills

License: MIT

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

compliance-evidence-assembler

把审计所需证据整理成目录、清单和缺失项,便于后续评审。;use for compliance, evidence, audit workflows;do not use for 伪造证据, 替代正式审计结论.

Archived SourceRecently Updated
--52yuanchangxing
Security

skillguard-hardened

Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI intent review, then recommends pass, warn, block, or quarantine.

Archived SourceRecently Updated
--2404589803
Security

api-contract-auditor

审查 API 文档、示例和字段定义是否一致,输出 breaking change 风险。;use for api, contract, audit workflows;do not use for 直接改线上接口, 替代契约测试平台.

Archived SourceRecently Updated
--52yuanchangxing
Security

ai-workflow-red-team-lite

对 AI 自动化流程做轻量红队演练,聚焦误用路径、边界失败和数据泄露风险。;use for red-team, ai, workflow workflows;do not use for 输出可直接滥用的攻击脚本, 帮助破坏系统.

Archived SourceRecently Updated
--52yuanchangxing