Pillar · security

Security.

Auth, secrets, schema validation, pre-write hooks. Below: every rule the AI cites and every skill that fires inside this pillar — versioned, dated, cross-referenced.

01/05 auto-trigger

Path-scoped. Loaded only when relevant.

Open a service handler → the right rules attach. Zero token cost the rest of the time.

Security Baseline
React + Vite Security
Ionic Security
React Native Security
Django Security
JWT Security

02/05 how it works

What this pillar does for you.

01
Pre-write hooks block insecure patterns

Secret literals, weak JWT, missing rate-limits, naked req.body - caught before the file is saved.

02
Schema validation at every boundary

Every API surface validates input shapes with zod. Errors carry safe, redacted context.

03
Auto security review

Auth-touching changes trigger the security-review skill. The AI cites OWASP-grade rules in the diff.

03/05 rules in this pillar

4 rules.

Each rule is a markdown file the AI loads when it edits a matching path. Click any to see related skills and where it's referenced.

Security · rule · Security Baseline · rules/common/security.md

Pre-commit checklist for every change touching input/auth/storage/network: no hardcoded secrets, parameterized SQL, schema-validated input, authz on every endpoint, restrictive CORS.

Security · rule · React + Vite Security · rules/frontend/react/security.md

Supabase Auth + RLS before custom JWT, no tokens in localStorage, no secrets in VITE_ vars, no dangerouslySetInnerHTML without DOMPurify, refresh-token flow in api-client once.

Security · rule · Ionic Security · rules/frontend/ionic/security.md

httpOnly cookies or in-memory auth on web, reviewed secure-storage plugin only when native needs it. Deep links, push payloads, clipboard, file paths treated as untrusted.

Security · rule · React Native Security · rules/frontend/react-native/security.md

expo-secure-store for tokens, no secrets in EAS public env, EXPO_PUBLIC_ for public config only, zod-validate deep links and push payloads, allowlist external URL schemes.

04/05 skills in this pillar

8 skills.

Skills are intent-triggered workflows. The AI router loads them by description; bodies on demand.

Security · skill · Django Security · skills/django-security

Django authn/authz, CSRF, SQL injection prevention, XSS prevention, and secure deployment configurations.

Security · skill · JWT Security · skills/jwt-security

Implement or review JWT auth: token creation, validation, claims, signing algorithms, key rotation, refresh-token rotation, revocation, storage, transmission, tests.

Security · skill · Laravel Security · skills/laravel-security

Laravel security: authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment.

Security · skill · Perl Security · skills/perl-security

Perl security: taint mode, input validation, safe process execution, DBI parameterized queries, web XSS/SQLi/CSRF, and perlcritic security policies.

Security · skill · Pre-Deploy Security Check · skills/predeploy-security-check

Hard gate before deploy/ship/release/store submission: secrets, Supabase RLS, authz, rate limits, uploads, CORS, SQLi/XSS, headers, deps, logging, crypto, mobile bundle.

Security · skill · Security Review · skills/security-review

Auto security review on auth-touching changes: blocks secret literals, weak JWT, missing rate-limits, dangerouslySetInnerHTML, naked req.body, exposed env vars.

Security · skill · Security Scan · skills/security-scan

Scan Claude Code configuration (.claude/, CLAUDE.md, settings.json, MCP servers, hooks, agent defs) for vulnerabilities, misconfigs, and injection risks via AgentShield.

Security · skill · Spring Boot Security · skills/springboot-security

Spring Security: authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
