OpenSkillIndex← back to search
claude-code

Learn-skills.dev security-privacy

Pre-flight security & privacy checklist for changes touching identity, data, logging, or external integrations; ensures secrets/PII hygiene and boundary-safe design.

install
source · Clone the upstream repo
git clone https://github.com/NeverSight/learn-skills.dev
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/NeverSight/learn-skills.dev "$T" && mkdir -p ~/.claude/skills && cp -r "$T/data/skills-md/7spade/black-tortoise/security-privacy" ~/.claude/skills/neversight-learn-skills-dev-security-privacy && rm -rf "$T"
manifest: data/skills-md/7spade/black-tortoise/security-privacy/SKILL.md
source content

Security & Privacy (Pre-flight)

Use when

  • Adding/reading/writing user/workspace data.
  • Touching identity/auth, permissions, Firebase rules, or external APIs.
  • Adding logging, analytics, telemetry, or error reporting.

Workflow

  1. Identify data: what fields are PII, where stored, retention expectations.
  2. Identify trust boundaries: browser ↔ Firebase/backend; who can call what.
  3. Minimize & redact: remove unnecessary fields; ensure logs/errors redact secrets/PII.
  4. Validate inputs at the edge; keep Domain pure.
  5. Confirm least privilege: tokens, rules, and access paths.

Output checklist

  • No secrets in repo, fixtures, or logs.
  • No PII in logs/errors/templates.
  • Clear authorization point (not scattered across UI).
  • Deletion path does not leave access holes.

References

  • .github/instructions/65-security-privacy-copilot-instructions.md