Skip to main content

Security Components

The Security category includes agents, commands, and hooks focused on application security, vulnerability detection, secrets management, and security best practices.

Browse Security Components

Explore all security components at aitmpl.com

Quick Install

# Install security essentials
npx claude-code-templates@latest \
  --command security-audit \
  --hook security/secret-scanner \
  --hook security/dangerous-command-blocker \
  --setting permissions/read-only-mode

# Or install the security template
npx claude-code-templates@latest --template security-hardened

Security Commands

Security Audit

Comprehensive security assessment and vulnerability analysisWhat it checks:
  • Dependency vulnerabilities
  • Authentication & authorization
  • Input validation & sanitization
  • Data protection & encryption
  • Secrets management
  • Error handling & logging
  • Infrastructure security
  • Security headers & CORS
npx claude-code-templates@latest --command security-audit
Usage:
# Full audit
/security-audit --full

# Focus on specific area
/security-audit authentication
/security-audit dependencies
Output includes:
  • Severity levels (Critical, High, Medium, Low)
  • Specific file references
  • Remediation steps
  • Code examples

Secrets Scanner

Scan codebase for hardcoded secrets, API keys, and credentialsDetects:
  • API keys and tokens
  • Database passwords
  • Private keys and certificates
  • OAuth secrets
  • Cloud provider credentials
  • Slack/Discord webhooks
npx claude-code-templates@latest --command secrets-scanner
Usage:
/secrets-scanner

Dependency Audit

Check dependencies for known vulnerabilities using npm audit, pip check, etc.
npx claude-code-templates@latest --command dependency-audit

Security Hardening

Apply security best practices to your applicationApplies:
  • Security headers
  • CORS configuration
  • Input validation
  • Rate limiting
  • CSP policies
  • Cookie security
npx claude-code-templates@latest --command security-hardening

Penetration Test

Automated penetration testing workflows
npx claude-code-templates@latest --command penetration-test

Add Authentication System

Add secure authentication to your applicationOptions:
  • JWT authentication
  • OAuth2 integration
  • Session management
  • Password hashing (bcrypt, argon2)
  • MFA/2FA support
npx claude-code-templates@latest --command add-authentication-system

Security Hooks

Prevent Secret Leaks

Secret Scanner Hook

Automatically scan commits for secrets before they’re pushedHow it works:
  1. Runs before each commit (pre-commit hook)
  2. Scans all staged files for secret patterns
  3. Blocks commit if secrets are detected
  4. Shows which files and lines contain secrets
npx claude-code-templates@latest --hook security/secret-scanner
Detects:
# API Keys
(api[_-]?key|apikey)\s*=\s*["'][^"']

# AWS Credentials
(aws[_-]?access[_-]?key[_-]?id)

# Database URLs
(postgres|mysql|mongodb)://[^\s]+:[^\s]+@

# Private Keys
-----BEGIN (RSA |EC )?PRIVATE KEY-----

# OAuth Tokens
(client[_-]?secret|oauth[_-]?token)
Example Output:
❌ SECRET DETECTED in config/database.js:12
   const password = "my_secret_password"

❌ SECRET DETECTED in .env.production:5
   API_KEY=sk_live_abc123xyz

Commit blocked. Remove secrets before committing.

Security Settings

Read-Only Mode

Restrict Claude Code to read-only operationsBlocks:
  • File writes and edits
  • Git commits and pushes
  • Bash commands that modify files
  • Destructive operations
Use cases:
  • Code review mode
  • Production environment analysis
  • Learning from existing codebases
  • Untrusted environments
npx claude-code-templates@latest --setting permissions/read-only-mode

Restricted Bash

Limit bash command execution to safe operations
npx claude-code-templates@latest --setting permissions/restricted-bash

Disable Risky MCP Servers

Disable MCP servers with dangerous capabilities
npx claude-code-templates@latest --setting mcp/disable-risky-servers

Security Agents

Security Engineer

Security engineering specialist (part of DevOps Infrastructure category)Expertise:
  • Security architecture
  • Threat modeling
  • Secure coding practices
  • Security testing
  • Incident response
npx claude-code-templates@latest --agent security-engineer

Security Workflows

Pre-Commit Security

Automatic security checks before every commit: 
# Install security hooks
npx claude-code-templates@latest \
  --hook security/secret-scanner \
  --hook security/dangerous-command-blocker \
  --hook security/file-protection

# Now every commit is automatically scanned
git commit -m "Add user service"
# ✓ No secrets detected
# ✓ No dangerous commands
# ✓ No sensitive files
# Commit successful

Regular Security Audits

Schedule comprehensive security audits: 
# Install security audit command
npx claude-code-templates@latest --command security-audit

# Run full audit weekly
/security-audit --full

# Or focus on specific areas
/security-audit dependencies     # Check dependency vulnerabilities
/security-audit authentication  # Review auth implementation
/security-audit data-protection # Check encryption and data handling

Security Hardening

Apply security best practices to new projects: 
# Install hardening command
npx claude-code-templates@latest --command security-hardening

# Apply hardening
/security-hardening

# Applies:
# - Security headers (CSP, HSTS, X-Frame-Options)
# - CORS configuration
# - Rate limiting
# - Input validation
# - Cookie security

Secrets Management

Never commit secrets: 
# Install secret scanner
npx claude-code-templates@latest --hook security/secret-scanner

# Use environment variables
echo "API_KEY=your_key_here" >> .env
echo ".env" >> .gitignore

# Commits with secrets are blocked
git commit -m "Add config"
# ❌ SECRET DETECTED: Remove secrets before committing

Security Best Practices

1. Defense in Depth

Layer multiple security controls: 
# Install multiple security components
npx claude-code-templates@latest \
  --hook security/secret-scanner \
  --hook security/dangerous-command-blocker \
  --command security-audit \
  --setting permissions/restricted-bash

2. Automated Security

Automate security checks in CI/CD: 
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: npx claude-code-templates@latest --command security-audit

3. Regular Audits

Schedule regular security reviews: 
# Weekly dependency audit
/dependency-audit

# Monthly full security audit
/security-audit --full

# After each major feature
/security-audit authentication

4. Least Privilege

Restrict permissions when possible: 
# Enable read-only mode for code review
npx claude-code-templates@latest --setting permissions/read-only-mode

# Disable risky MCP servers
npx claude-code-templates@latest --setting mcp/disable-risky-servers

Security Template

Use the pre-configured security template: 
npx claude-code-templates@latest --template security-hardened
Includes:
  • Security audit command
  • Secret scanner hook
  • Dangerous command blocker
  • File protection hook
  • Read-only mode setting
  • Branch protection
  • Security engineer agent

Real-World Examples

Example 1: Prevent Secret Leak

# Developer accidentally commits secret
echo "API_KEY=sk_live_abc123" >> config.js
git add config.js
git commit -m "Add config"

# ❌ SECRET DETECTED in config.js:1
#    API_KEY=sk_live_abc123
#
# Commit blocked. Remove secrets before committing.

# Developer fixes
echo "API_KEY=process.env.API_KEY" > config.js
echo "API_KEY=sk_live_abc123" >> .env
echo ".env" >> .gitignore
git add config.js .gitignore
git commit -m "Add config with env vars"
# ✓ Success

Example 2: Comprehensive Audit

/security-audit --full

# ⚠️ MEDIUM: Dependency vulnerability found
#   Package: [email protected]
#   Vulnerability: CVE-2024-xxxxx
#   Fix: npm install [email protected]
#
# ❌ CRITICAL: Hardcoded database password
#   File: src/db/connection.js:5
#   Line: const password = "my_password"
#   Fix: Use environment variables
#
# ⚠️ HIGH: Missing security headers
#   File: src/server.js
#   Issue: No CSP, HSTS, or X-Frame-Options headers
#   Fix: Add helmet.js middleware

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us