checking-session-security
について
このスキルは、コードベースを分析して、安全でないセッションID、不適切な有効期限、固定化攻撃などのセッションセキュリティ脆弱性を特定します。セッション処理の監査や、セキュリティベストプラクティスに照らした実装のレビュー時にご利用ください。セッションセキュリティチェッカープラグインを活用し、コードレビュー中に問題を自動的にスキャンします。
クイックインストール
Claude Code
推奨/plugin add https://github.com/jeremylongshore/claude-code-plugins-plusgit clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/checking-session-securityこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします
ドキュメント
Overview
This skill automates the process of reviewing session security within a project. It helps identify potential vulnerabilities related to session management, ensuring compliance with security best practices.
How It Works
- Analyze Codebase: The skill analyzes the codebase for session management related code.
- Identify Vulnerabilities: It identifies potential vulnerabilities, such as weak session ID generation, missing session expiration, or susceptibility to session fixation.
- Generate Report: The skill generates a report outlining the identified vulnerabilities and suggests remediation steps.
When to Use This Skill
This skill activates when you need to:
- Check session security implementation.
- Audit session handling practices.
- Review session management code for vulnerabilities.
- Ensure compliance with session security best practices.
Examples
Example 1: Identifying Session Fixation Vulnerability
User request: "Check session security in my web application."
The skill will:
- Analyze the code for session creation and management.
- Identify if the application is vulnerable to session fixation attacks.
Example 2: Reviewing Session Expiration Settings
User request: "Review session implementation to ensure proper expiration."
The skill will:
- Analyze the code to determine how session expiration is handled.
- Identify if sessions are expiring correctly and suggest appropriate timeout values.
Best Practices
- Input Validation: Always validate user input to prevent session hijacking.
- Session Expiration: Implement proper session expiration to minimize the risk of unauthorized access.
- Secure Session IDs: Use strong, randomly generated session IDs.
Integration
This skill can be used in conjunction with other security plugins to provide a comprehensive security assessment of the codebase. For example, it can be used alongside a vulnerability scanner to identify other potential security flaws.
GitHub リポジトリ
関連スキル
evaluating-llms-harness
テストThis Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.
sglang
メタSGLang is a high-performance LLM serving framework that specializes in fast, structured generation for JSON, regex, and agentic workflows using its RadixAttention prefix caching. It delivers significantly faster inference, especially for tasks with repeated prefixes, making it ideal for complex, structured outputs and multi-turn conversations. Choose SGLang over alternatives like vLLM when you need constrained decoding or are building applications with extensive prefix sharing.
cloudflare-turnstile
メタThis skill provides comprehensive guidance for implementing Cloudflare Turnstile as a CAPTCHA-alternative bot protection system. It covers integration for forms, login pages, API endpoints, and frameworks like React/Next.js/Hono, while handling invisible challenges that maintain user experience. Use it when migrating from reCAPTCHA, debugging error codes, or implementing token validation and E2E tests.
langchain
メタLangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.