fhir-api-client-security
OfficialSecure FHIR API clients in Canvas plugins.
Authorcanvas-medical
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This skill provides security review guidance for Canvas plugins acting as FHIR API clients, focusing on token management, scope validation, and patient-scoped authorization.
Core Features & Use Cases
- Security-focused guidelines for OAuth patterns, token handling, and patient-scoped access in plugins.
- Comprehensive checklists to assess token storage, scope minimization, and secure logging.
- Use Case: A plugin using Http() to access FHIR endpoints can be reviewed to ensure tokens are retrieved securely from secrets and tokens are not logged.
Quick Start
Review the fhir_client_context.txt for detailed patterns including OAuth authentication methods, token scopes, and patient-scoped token requirements. Apply the guidelines to existing and new Canvas plugins that interact with FHIR APIs to ensure tokens are stored securely and access is properly scoped.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: fhir-api-client-security Download link: https://github.com/canvas-medical/coding-agents/archive/main.zip#fhir-api-client-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.