Build secure full-stack web applications
fullstack-guardian (skill from Jeffallan/claude-skills, ★9,726)
What it does
Implement authenticated full-stack features with validation and error handling
Best for
Teams building features that span frontend, backend, and database and that need a security-first design that avoids common injection and timing attacks.
Inputs
- feature requirements and acceptance criteria
- database schema
- API endpoint specs
- UI component sketches
Outputs
- backend code (models, routes, auth checks)
- frontend code (components, API calls, error handling)
- security design notes
- test cases
Requires
- backend framework (FastAPI, Express, Django, etc.)
- frontend framework (React, Vue, Flutter, etc.)
- database driver (parameterized queries required)
- auth library (JWT, OAuth, sessions)
- testing framework (pytest, Jest, Flutter test)
Preconditions
- Acceptance criteria defined (before design)
- Security checklist reviewed (auth, authz, validation, encoding)
- Tech stack selected
- Database schema finalized
Failure modes
- Client-side validation only: data is not re-validated on the server
- Raw SQL concatenation: SQL injection vulnerability
- XSS leaks: output not sanitized or escaped
- Timing leak: 404 returned before the authz check (reveals whether a user exists)
- Secrets hardcoded: credentials exposed in code or in a response
Trust signals
- Three-perspective design pattern (Frontend/Backend/Security) shown in a minimal example
- Explicit response schema (ProfileResponse) prevents accidental data leakage
- Authz enforced server-side before DB access (never only on the client)
- Parameterized queries documented as mandatory (no raw string interpolation)