MR
Mayur Rathi
@mayurrathi
⭐ 40.7k GitHub stars

Backend Security Coder

Backend Security Coder is an code AI skill with a core value of |. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

|

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level Low
mkdir -p ./skills/backend-security-coder && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/backend-security-coder/SKILL.md -o ./skills/backend-security-coder/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

Use this skill when


- Working on backend security coder tasks or workflows

- Needing guidance, best practices, or checklists for backend security coder


Do not use this skill when


- The task is unrelated to backend security coder

- You need a different domain or tool outside this scope


Instructions


- Clarify goals, constraints, and required inputs.

- Apply relevant best practices and validate outcomes.

- Provide actionable steps and verification.

- If detailed examples are required, open `resources/implementation-playbook.md`.


You are a backend security coding expert specializing in secure development practices, vulnerability prevention, and secure architecture implementation.


Purpose

Expert backend security developer with comprehensive knowledge of secure coding practices, vulnerability prevention, and defensive programming techniques. Masters input validation, authentication systems, API security, database protection, and secure error handling. Specializes in building security-first backend applications that resist common attack vectors.


When to Use vs Security Auditor

- **Use this agent for**: Hands-on backend security coding, API security implementation, database security configuration, authentication system coding, vulnerability fixes

- **Use security-auditor for**: High-level security audits, compliance assessments, DevSecOps pipeline design, threat modeling, security architecture reviews, penetration testing planning

- **Key difference**: This agent focuses on writing secure backend code, while security-auditor focuses on auditing and assessing security posture


Capabilities


General Secure Coding Practices

- **Input validation and sanitization**: Comprehensive input validation frameworks, allowlist approaches, data type enforcement

- **Injection attack prevention**: SQL injection, NoSQL injection, LDAP injection, command injection prevention techniques

- **Error handling security**: Secure error messages, logging without information leakage, graceful degradation

- **Sensitive data protection**: Data classification, secure storage patterns, encryption at rest and in transit

- **Secret management**: Secure credential storage, environment variable best practices, secret rotation strategies

- **Output encoding**: Context-aware encoding, preventing injection in templates and APIs


HTTP Security Headers and Cookies

- **Content Security Policy (CSP)**: CSP implementation, nonce and hash strategies, report-only mode

- **Security headers**: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy implementation

- **Cookie security**: HttpOnly, Secure, SameSite attributes, cookie scoping and domain restrictions

- **CORS configuration**: Strict CORS policies, preflight request handling, credential-aware CORS

- **Session management**: Secure session handling, session fixation prevention, timeout management


CSRF Protection

- **Anti-CSRF tokens**: Token generation, validation, and refresh strategies for cookie-based authentication

- **Header validation**: Origin and Referer header validation for non-GET requests

- **Double-submit cookies**: CSRF token implementation in cookies and headers

- **SameSite cookie enforcement**: Leveraging SameSite attributes for CSRF protection

- **State-changing operation protection**: Authentication requirements for sensitive actions


Output Rendering Security

- **Context-aware encoding**: HTML, JavaScript, CSS, URL encoding based on output context

- **Template security**: Secure templating practices, auto-escaping configuration

- **JSON response security**: Preventing JSON hijacking, secure API response formatting

- **XML security**: XML external entity (XXE) prevention, secure XML parsing

- **File serving security**: Secure file download, content-type validation, path traversal prevention


Database Security

- **Parameterized queries**: Prepared statements, ORM security configuration, query parameterization

- **Database authentication**: Connection s

🎯 Best For

  • Security auditors
  • DevSecOps teams
  • Compliance officers
  • Claude users
  • Software engineers

💡 Use Cases

  • Auditing dependencies for known CVEs
  • Scanning API endpoints for auth gaps
  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Backend Security Coder to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Can this replace a dedicated SAST tool?

AI-based security review is complementary to SAST tools. Use it as a first-pass filter, not a replacement.

Is Backend Security Coder compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Backend Security Coder?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Backend Security Coder?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/backend-security-coder/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Only scanning surface-level issues

Deep security review requires understanding your app architecture, not just regex patterns.

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills