A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
View on GitHubskills/software-security/SKILL.md
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/project-codeguard/rules/blob/main/skills/software-security/SKILL.md -a claude-code --skill software-securityInstallation paths:
.claude/skills/software-security/# Software Security Skill (Project CodeGuard) This skill provides comprehensive security guidance to help AI coding agents generate secure code and prevent common vulnerabilities. It is based on **Project CodeGuard**, an open-source, model-agnostic security framework that embeds secure-by-default practices into AI coding workflows. ## When to Use This Skill This skill should be activated when: - Writing new code in any language - Reviewing or modifying existing code - Implementing security-sensitive features (authentication, cryptography, data handling, etc.) - Working with user input, databases, APIs, or external services - Configuring cloud infrastructure, CI/CD pipelines, or containers - Handling sensitive data, credentials, or cryptographic operations ## How to Use This Skill When writing or reviewing code: 1. Always-Apply Rules: Some rules MUST be checked on every code operation: - `codeguard-1-hardcoded-credentials.md` - Never hardcode secrets, passwords, API keys, or tokens - `codeguard-1-crypto-algorithms.md` - Use only modern, secure cryptographic algorithms - `codeguard-1-digital-certificates.md` - Validate and manage digital certificates securely 2. Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below: | Language | Rule Files to Apply | |----------|---------------------| | apex | codeguard-0-input-validation-injection.md | | c | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-data-storage.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-safe-c-functions.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | | cpp | codeguard-0-safe-c