django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Stars156.1k

Favorites0

Comments0

AddedApr 15, 2026

CategorySecurity Audit

Install Command

npx skills add affaan-m/everything-claude-code --skill django-security

Curation Score

This skill scores 84/100, which means it is a solid listing candidate for directory users who want Django-specific security guidance. The repository shows substantial, non-placeholder content with clear activation cases and practical security configuration examples, so an agent can likely use it with less guesswork than a generic prompt, though it still lacks some install-adoption conveniences like an install command or companion references.

84/100

Strengths

Clear triggerability: the skill explicitly says when to activate it for auth, permissions, production security, review, and deployment tasks.
Strong operational content: the body includes concrete Django security settings and example code for production hardening, cookies, HSTS, headers, and secret-key handling.
Good documentation depth: valid frontmatter, long body, and multiple headings suggest a real workflow guide rather than a placeholder.

Cautions

No install command, scripts, or reference files are provided, so adoption may require manual interpretation and copy-paste use.
The preview shows mostly settings guidance; users needing deeper testing, auditing, or remediation workflows may need supplementary skills or docs.

Django Security Auth Csrf Sql Injection Xss Deployment

Overview

Overview of django-security skill

What django-security is for

The django-security skill is a practical guide for hardening Django apps: authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It is best for developers or reviewers who need a fast, security-focused checklist before shipping or auditing a Django project.

Who should install it

Install the django-security skill if you are setting up a new Django app, reviewing an existing codebase for security gaps, or preparing production settings for a deployment. It is especially useful for a Security Audit because it helps turn broad concerns into concrete configuration and code checks.

What it helps you decide

This skill is most valuable when you need to know what “secure enough” looks like in Django, not just how to write features. It gives you a path from rough intent to actionable hardening steps, which is more useful than a generic security prompt when the app already exists.

How to Use django-security skill

Install and activate it

Use the skill install flow for your environment, then open skills/django-security/SKILL.md first. The repository does not include extra helper files, so SKILL.md is the main source of truth for django-security install and django-security usage.

Give it a concrete security job

The skill works best when you ask for a specific outcome, such as “audit this Django settings file for production security issues,” “review auth and permission flow,” or “harden this deployment for HTTPS and secure cookies.” Avoid vague prompts like “make my Django app secure,” because they do not tell the skill which layer to inspect first.

Read the repo in this order

Start with SKILL.md, then focus on the sections about when to activate, core security settings, and production configuration. Those parts show the skill’s practical boundary: it is oriented toward settings, auth controls, and deployment hardening rather than framework theory or app architecture.

Prompt it with input that matters

Stronger inputs include your Django version, current settings.py or settings/production.py, authentication approach, deployment target, and any known risks. For example: “Review this production Django settings module for missing security headers, cookie flags, and secret management issues, then give a prioritized fix list.”

django-security skill FAQ

Is django-security only for production hardening?

No. The django-security skill covers both day-to-day security decisions and production hardening. Use it during development if you want to catch auth, permission, or cookie mistakes before they become release blockers.

How is this different from a normal prompt?

A normal prompt can ask for Django security advice, but the django-security skill gives you a clearer workflow and a narrower scope. That usually means less guesswork when you need a repeatable Security Audit or a consistent review of settings and access control.

Is it beginner-friendly?

Yes, if you can share concrete project details. Beginners get the most value when they provide a settings file, a deployment goal, or a short description of the feature being secured, because the skill is designed to guide implementation rather than explain every Django concept from scratch.

When should I not use it?

Do not rely on django-security alone if you need full application threat modeling, compliance mapping, or framework-agnostic infrastructure review. It is a strong Django-specific guide, but it is not a substitute for a broader security program.

How to Improve django-security skill

Start with the highest-risk surface

The best results usually come from asking for the most exposed area first: production settings, auth flows, permission checks, or session handling. For a Security Audit, say which surface you want prioritized so the skill can focus on the changes that reduce real risk fastest.

Provide exact code and environment context

django-security produces better output when you paste the relevant settings module, middleware list, authentication backend, and deployment assumptions. A request like “check my settings/production.py for DEBUG, ALLOWED_HOSTS, HSTS, cookie flags, and secret handling” is far more useful than asking for general best practices.

Ask for ranked findings, not just fixes

To improve the skill’s output, ask for severity, rationale, and a minimal safe change for each issue. That helps you distinguish critical blockers, such as exposed debug settings or weak secret management, from lower-priority cleanup.

Iterate after the first pass

Use the first answer to patch obvious problems, then rerun django-security on the updated config or the next layer, such as permissions or CSRF coverage. The skill is strongest when you treat it as a review loop: assess, fix, recheck, and then move to the next risk area.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

audit-website

by squirrelscan

The audit-website skill uses the squirrel CLI to audit websites and webapps across 230+ rules for SEO, technical, content, performance, security, links, and site health, then returns actionable LLM-ready reports.

UX Audit

Favorites 0GitHub 68

skill-comply

by affaan-m

skill-comply is a compliance-testing skill that checks whether an agent follows a skill, rule, or agent definition in real runs. It generates specs from markdown, runs three prompt strictness levels, classifies tool-call timelines, and reports compliance rates with evidence. Useful for skill-comply for Compliance Review.

Compliance Review

Favorites 0GitHub 156.3k

security-scan

by affaan-m

The security-scan skill audits your Claude Code .claude/ configuration for secrets, risky MCP setup, injection-prone instructions, dangerous bypass flags, and weak agent or hook definitions using AgentShield. Use it for repeatable security checks before committing or onboarding.

Security Audit

Favorites 0GitHub 156.3k

perl-security

by affaan-m

perl-security helps you review Perl code for safer input handling, taint mode, shell execution, DBI placeholders, and web security issues like XSS, SQLi, and CSRF. Use this perl-security skill for Security Audit work, remediation planning, and secure development when user-controlled data reaches sensitive sinks.

Security Audit

Favorites 0GitHub 156.2k

laravel-security

by affaan-m

The laravel-security skill is a practical Laravel security checklist for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment. Use it for audits, feature reviews, and hardening work in Laravel apps.

Security Audit

Favorites 0GitHub 156.2k

healthcare-eval-harness

by affaan-m

healthcare-eval-harness is a patient safety evaluation harness for healthcare app deployments. It helps teams verify CDSS accuracy, PHI exposure, data integrity, clinical workflow behavior, and integration compliance before release. Critical failures block deployment, making it useful for healthcare-eval-harness for Model Evaluation and CI safety gates.

Model Evaluation

Favorites 0GitHub 156.2k

github-ops

by affaan-m

github-ops is a GitHub operations skill for triaging issues, managing PRs, checking CI failures, preparing releases, and monitoring repository health with the gh CLI. Use the github-ops skill when you need repeatable github-ops usage for a real repository, with auth via gh auth login and clear repo context.

Github

Favorites 0GitHub 156.2k

ecc-tools-cost-audit

by affaan-m

ecc-tools-cost-audit is an evidence-first audit skill for ECC Tools cost spikes, runaway PR creation, quota bypass, premium-model leakage, and duplicate jobs. Use it for Backend Development investigations that trace a request from webhook to worker to billing decision and prove where spend is being created.

Backend Development

Favorites 0GitHub 156.1k

defi-amm-security

by affaan-m

defi-amm-security is a focused security checklist for Solidity AMMs, liquidity pools, LP vaults, and swap flows. It helps auditors and engineers review reentrancy, CEI ordering, donation or inflation attacks, oracle assumptions, slippage, admin controls, and integer math with less guesswork than a generic prompt.

Security Audit

Favorites 0GitHub 156.1k

code-reviewer

by Shubhamsaboo

code-reviewer is an AI code review skill that follows a strict review order: security, performance, correctness, and maintainability. It uses rule files for SQL injection, XSS, N+1 queries, error handling, naming, and type hints, making PR reviews more consistent than a generic review prompt.

Code Review

Favorites 0GitHub 104.2k

stride-analysis-patterns

by wshobson

stride-analysis-patterns helps agents run a structured STRIDE threat-modeling pass for architectures, APIs, and data flows. Install from the wshobson/agents repo, read the SKILL.md file, and use it to turn system descriptions into categorized threats and control-focused review output.

Threat Modeling

Favorites 0GitHub 32.6k

anti-reversing-techniques

by wshobson

anti-reversing-techniques is a reverse-engineering skill for authorized malware analysis, CTF work, packed binary triage, and security audits. It helps you identify anti-debugging, anti-VM, packing, and obfuscation patterns, then choose a practical analysis workflow using the core skill and advanced reference.

Security Audit

Favorites 0GitHub 32.6k

k8s-security-policies

by wshobson

k8s-security-policies helps teams draft Kubernetes NetworkPolicy, Pod Security Standards labels, and RBAC patterns using repo-backed templates and references for hardening and audit-ready rollout planning.

Security Audit

Favorites 0GitHub 32.6k

security

by markdown-viewer

The security skill creates PlantUML security architecture diagrams with AWS stencils for identity, encryption, firewalling, compliance, and threat detection. Use it for IAM flows, zero-trust designs, encryption pipelines, Security Audit diagrams, and review-ready documentation. It is not meant for general cloud infrastructure or generic UML modeling.

Security Audit

Favorites 0GitHub 1.1k