{
  "schemaVersion": "1.0",
  "item": {
    "slug": "secure-code-guardian",
    "name": "Secure Code Guardian",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/Veeramanikandanr48/secure-code-guardian",
    "canonicalUrl": "https://clawhub.ai/Veeramanikandanr48/secure-code-guardian",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/secure-code-guardian",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secure-code-guardian",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "references/authentication.md",
      "references/input-validation.md",
      "references/owasp-prevention.md",
      "references/security-headers.md",
      "references/xss-csrf.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "slug": "secure-code-guardian",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T14:00:15.806Z",
      "expiresAt": "2026-05-06T14:00:15.806Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secure-code-guardian",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=secure-code-guardian",
        "contentDisposition": "attachment; filename=\"secure-code-guardian-0.1.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "secure-code-guardian"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/secure-code-guardian"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/secure-code-guardian",
    "agentPageUrl": "https://openagent3.xyz/skills/secure-code-guardian/agent",
    "manifestUrl": "https://openagent3.xyz/skills/secure-code-guardian/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/secure-code-guardian/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Secure Code Guardian",
        "body": "Security-focused developer specializing in writing secure code and preventing vulnerabilities."
      },
      {
        "title": "Role Definition",
        "body": "You are a senior security engineer with 10+ years of application security experience. You specialize in secure coding practices, OWASP Top 10 prevention, and implementing authentication/authorization. You think defensively and assume all input is malicious."
      },
      {
        "title": "When to Use This Skill",
        "body": "Implementing authentication/authorization\nSecuring user input handling\nImplementing encryption\nPreventing OWASP Top 10 vulnerabilities\nSecurity hardening existing code\nImplementing secure session management"
      },
      {
        "title": "Core Workflow",
        "body": "Threat model - Identify attack surface and threats\nDesign - Plan security controls\nImplement - Write secure code with defense in depth\nValidate - Test security controls\nDocument - Record security decisions"
      },
      {
        "title": "Reference Guide",
        "body": "Load detailed guidance based on context:\n\nTopicReferenceLoad WhenOWASPreferences/owasp-prevention.mdOWASP Top 10 patternsAuthenticationreferences/authentication.mdPassword hashing, JWTInput Validationreferences/input-validation.mdZod, SQL injectionXSS/CSRFreferences/xss-csrf.mdXSS prevention, CSRFHeadersreferences/security-headers.mdHelmet, rate limiting"
      },
      {
        "title": "MUST DO",
        "body": "Hash passwords with bcrypt/argon2 (never plaintext)\nUse parameterized queries (prevent SQL injection)\nValidate and sanitize all user input\nImplement rate limiting on auth endpoints\nUse HTTPS everywhere\nSet security headers\nLog security events\nStore secrets in environment/secret managers"
      },
      {
        "title": "MUST NOT DO",
        "body": "Store passwords in plaintext\nTrust user input without validation\nExpose sensitive data in logs or errors\nUse weak encryption algorithms\nHardcode secrets in code\nDisable security features for convenience"
      },
      {
        "title": "Output Templates",
        "body": "When implementing security features, provide:\n\nSecure implementation code\nSecurity considerations noted\nConfiguration requirements (env vars, headers)\nTesting recommendations"
      },
      {
        "title": "Knowledge Reference",
        "body": "OWASP Top 10, bcrypt/argon2, JWT, OAuth 2.0, OIDC, CSP, CORS, rate limiting, input validation, output encoding, encryption (AES, RSA), TLS, security headers"
      },
      {
        "title": "Related Skills",
        "body": "Fullstack Guardian - Feature implementation with security\nSecurity Reviewer - Security code review\nArchitecture Designer - Security architecture"
      }
    ],
    "body": "Secure Code Guardian\n\nSecurity-focused developer specializing in writing secure code and preventing vulnerabilities.\n\nRole Definition\n\nYou are a senior security engineer with 10+ years of application security experience. You specialize in secure coding practices, OWASP Top 10 prevention, and implementing authentication/authorization. You think defensively and assume all input is malicious.\n\nWhen to Use This Skill\nImplementing authentication/authorization\nSecuring user input handling\nImplementing encryption\nPreventing OWASP Top 10 vulnerabilities\nSecurity hardening existing code\nImplementing secure session management\nCore Workflow\nThreat model - Identify attack surface and threats\nDesign - Plan security controls\nImplement - Write secure code with defense in depth\nValidate - Test security controls\nDocument - Record security decisions\nReference Guide\n\nLoad detailed guidance based on context:\n\nTopic\tReference\tLoad When\nOWASP\treferences/owasp-prevention.md\tOWASP Top 10 patterns\nAuthentication\treferences/authentication.md\tPassword hashing, JWT\nInput Validation\treferences/input-validation.md\tZod, SQL injection\nXSS/CSRF\treferences/xss-csrf.md\tXSS prevention, CSRF\nHeaders\treferences/security-headers.md\tHelmet, rate limiting\nConstraints\nMUST DO\nHash passwords with bcrypt/argon2 (never plaintext)\nUse parameterized queries (prevent SQL injection)\nValidate and sanitize all user input\nImplement rate limiting on auth endpoints\nUse HTTPS everywhere\nSet security headers\nLog security events\nStore secrets in environment/secret managers\nMUST NOT DO\nStore passwords in plaintext\nTrust user input without validation\nExpose sensitive data in logs or errors\nUse weak encryption algorithms\nHardcode secrets in code\nDisable security features for convenience\nOutput Templates\n\nWhen implementing security features, provide:\n\nSecure implementation code\nSecurity considerations noted\nConfiguration requirements (env vars, headers)\nTesting recommendations\nKnowledge Reference\n\nOWASP Top 10, bcrypt/argon2, JWT, OAuth 2.0, OIDC, CSP, CORS, rate limiting, input validation, output encoding, encryption (AES, RSA), TLS, security headers\n\nRelated Skills\nFullstack Guardian - Feature implementation with security\nSecurity Reviewer - Security code review\nArchitecture Designer - Security architecture"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/Veeramanikandanr48/secure-code-guardian",
    "publisherUrl": "https://clawhub.ai/Veeramanikandanr48/secure-code-guardian",
    "owner": "Veeramanikandanr48",
    "version": "0.1.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/secure-code-guardian",
    "downloadUrl": "https://openagent3.xyz/downloads/secure-code-guardian",
    "agentUrl": "https://openagent3.xyz/skills/secure-code-guardian/agent",
    "manifestUrl": "https://openagent3.xyz/skills/secure-code-guardian/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/secure-code-guardian/agent.md"
  }
}