SECURITY-credentials
CommunitySecure credentials: hash passwords, use OAuth, protect API keys.
Authordjankies
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Improper handling of passwords, API keys, and third-party credentials is a critical security vulnerability, leading to data breaches, compliance failures, and severe reputational damage. This Skill enforces CRITICAL security rules.
Core Features & Use Cases
- NEVER Store Passwords: Mandates storing password HASHES only, using bcrypt (cost 12+) or argon2id, never plaintext or reversible encryption.
- NEVER Accept Third-Party Credentials: Enforces using OAuth for external services (e.g., Google, PayPal), never asking users for their passwords to other platforms.
- Proper Cryptography: Guides on using established libraries for hashing (bcrypt/argon2) and encryption (Node.js crypto module), and storing API keys in environment variables.
- Anti-Pattern Flagging: Identifies and prohibits critical anti-patterns like Base64 "encryption" or weak hashing algorithms (MD5, SHA-1).
- Use Case: Implement a secure user registration process, ensuring passwords are hashed with bcrypt, API keys are loaded from environment variables, and any third-party integrations use OAuth, preventing critical security vulnerabilities.
Quick Start
Implement a hashPassword function using bcrypt with SALT_ROUNDS = 12 and a verifyPassword function to check against stored hashes.
Dependency Matrix
Required Modules
bcryptargon2
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: SECURITY-credentials Download link: https://github.com/djankies/claude-configs/archive/main.zip#security-credentials Please download this .zip file, extract it, and install it in the .claude/skills/ directory.