From security-compliance
Enforces 5-layer security for MCP servers and multi-agent pipelines: input validation, prompt injection prevention, SQL/NoSQL validation, user context propagation, and RBAC/ABAC authorization.
How this skill is triggered — by the user, by Claude, or both
Slash command
/security-compliance:mcp-security
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill enforces security best practices for MCP servers and multi-agent pipelines.
# Always validate and sanitize inputs
import re

def sanitize_input(user_input: str) -> str:
    # Remove potential injection patterns (control characters, instruction-override phrases)
    cleaned = re.sub(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]", "", user_input)
    cleaned = re.sub(r"(?i)ignore\s+(all\s+|the\s+)?(previous|above)\s+instructions", "[removed]", cleaned)
    # Escape special characters so the text cannot break out of a template
    cleaned = cleaned.replace("{", "{{").replace("}", "}}")
    # Limit length
    return cleaned[:4000]

def validate_against_schema(prompt: str) -> str:
    # Reject prompts that do not match the expected shape (here: non-empty text)
    if not prompt.strip():
        raise ValueError("prompt does not match schema")
    return prompt

# Never directly concatenate user input into prompts
# ❌ Bad
prompt = f"Process this: {user_input}"
# ✅ Good
prompt = sanitize_input(user_input)
validated_prompt = validate_against_schema(prompt)
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class UserContext:
    user_id: str
    roles: list[str]
    permissions: list[str]
    tenant_id: str

class AuthorizationError(Exception):
    pass

def has_permission(context: UserContext, permission: str) -> bool:
    return permission in context.permissions

# Pass context through all pipeline stages
async def process_request(context: UserContext, request: Request):
    # Validate permissions at each step
    if not has_permission(context, "read:data"):
        raise AuthorizationError()
    ...  # continue with the authorized work
from dataclasses import dataclass

ROLE_PERMISSIONS = {
    "admin": ["read", "write", "delete", "admin"],
    "editor": ["read", "write"],
    "viewer": ["read"],
}

@dataclass
class User:
    department: str
    clearance: int

@dataclass
class Resource:
    department: str
    sensitivity: int

def can_access(user: User, resource: Resource) -> bool:
    return (
        user.department == resource.department
        and user.clearance >= resource.sensitivity
    )
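The three snippets above (context propagation, RBAC, ABAC) are shown separately; the added example below is not part of the skill and combines them into one pipeline check. It assumes its own UserContext and Resource shapes (tenant, department, clearance fields) and constructed sample users; the tenant-isolation check reflects the "tenant_id" field the skill's UserContext already carries. Permissions are derived from roles on the server side rather than taken from the request, and every stage re-authorizes the same immutable context, stopping at the first denial.

```python
from __future__ import annotations

from dataclasses import dataclass

# Role -> permission table (same shape as the skill's ROLE_PERMISSIONS)
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "admin": {"read", "write", "delete", "admin"},
    "editor": {"read", "write"},
    "viewer": {"read"},
}


@dataclass(frozen=True)
class UserContext:
    """Immutable per-request identity, built once at the entry point and passed to every stage."""
    user_id: str
    roles: tuple[str, ...]
    tenant_id: str
    department: str
    clearance: int

    def permissions(self) -> set[str]:
        # RBAC: permissions come from the server-side role table, never from the request body
        perms: set[str] = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms


@dataclass(frozen=True)
class Resource:
    resource_id: str
    tenant_id: str
    department: str
    sensitivity: int


def authorize(ctx: UserContext, resource: Resource, action: str) -> tuple[bool, str]:
    """Return (allowed, reason); the broadest check runs first."""
    # Tenant isolation: a context from one tenant never reaches another tenant's data
    if ctx.tenant_id != resource.tenant_id:
        return False, "tenant mismatch"
    # RBAC: does at least one of the user's roles grant this action?
    if action not in ctx.permissions():
        return False, f"role denies {action}"
    # ABAC: compare user attributes against resource attributes
    if ctx.department != resource.department:
        return False, "department mismatch"
    if ctx.clearance < resource.sensitivity:
        return False, "clearance below resource sensitivity"
    return True, "ok"


def run_pipeline(ctx: UserContext, resource: Resource, actions: list[str]) -> dict[str, object]:
    """Treat each action as a pipeline stage and re-authorize the same context at every stage.

    Stops at the first denial so a later stage never receives data an earlier stage was refused.
    """
    completed: list[str] = []
    for action in actions:
        allowed, reason = authorize(ctx, resource, action)
        if not allowed:
            return {"completed": completed, "denied": action, "reason": reason}
        completed.append(action)
    return {"completed": completed, "denied": None, "reason": "ok"}


# Constructed sample data (hypothetical, not from the skill)
REPORT = Resource("rpt-42", tenant_id="acme", department="finance", sensitivity=2)
VIEWER = UserContext("u1", ("viewer",), "acme", "finance", clearance=3)
EDITOR_LOW = UserContext("u2", ("editor",), "acme", "finance", clearance=1)
OUTSIDER = UserContext("u3", ("admin",), "globex", "finance", clearance=5)

if __name__ == "__main__":
    for who, ctx in (("viewer", VIEWER), ("editor_low", EDITOR_LOW), ("outsider", OUTSIDER)):
        print(who, run_pipeline(ctx, REPORT, ["read", "write"]))
```

Running it shows the viewer completing "read" and being stopped at "write" by RBAC, the low-clearance editor refused before any stage by ABAC, and the other-tenant admin refused by tenant isolation regardless of role, which is the behaviour the tenant_id field exists to enforce.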
npx claudepluginhub jpoutrin/product-forge --plugin security-compliance
Audits an MCP server for LLM-specific security gaps across eight axes: injection surfaces, blast radius, destructive ops, auth shape, input sinks, tenant isolation, leakage, and HTTP deployment. Use before a release or after handler changes.
Audits MCP tool handlers for malicious input, hardcoded secrets, and unrestricted file/shell access. Invoke when building or reviewing MCP server definitions and tool schemas.
Provides MCP architecture patterns including client-host-server model, transports, resources, and tools with FastMCP examples in Python and TypeScript. Useful for building MCP servers and implementing tools.