plugin-api-server-security
Official
Audit API security for Canvas plugins.
Author: canvas-medical
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill provides a structured approach to security review of Canvas plugins that expose API endpoints. It helps ensure authentication and authorization are correctly implemented for SimpleAPI and WebSocket handlers when the plugin acts as the SERVER.
Core Features & Use Cases
- Best practices for using built-in authentication mixins (StaffSessionMixin, PatientSessionMixin, APIKeyAuthMixin) to reduce boilerplate and improve auditability.
- Security review patterns and common vulnerabilities, including how to validate credentials, scope access, and protect patient data in API endpoints.
- A practical security checklist and reporting workflow to communicate findings and ensure remediation before deployment.
Quick Start
Review your plugin's API handlers and apply the security patterns described here: check for mixin usage, verify authentication paths, and annotate endpoints with appropriate access controls.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: plugin-api-server-security
Download link: https://github.com/canvas-medical/coding-agents/archive/main.zip#plugin-api-server-security
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.