epic-security
Provides guidelines for implementing security practices in Epic Stack, including CSP, rate limiting, and session security.
Security score: 72/100
The epic-security skill was audited on Feb 9, 2026 and we found 12 security issues across 3 threat categories. Review the findings below before installing.
Security Issues
medium line 208
Template literal with variable interpolation in command context
Source: SKILL.md
| 208 | return req.get('fly-client-ip') ?? `${req.ip}` |
medium line 410
Template literal with variable interpolation in command context
Source: SKILL.md
| 410 | res.redirect(`https://${host}${req.originalUrl}`) |
low line 171
Access to .env file
Source: SKILL.md
| 171 | validFromFieldName: process.env.NODE_ENV === 'test' ? null : undefined, |
low line 172
Access to .env file
Source: SKILL.md
| 172 | encryptionSeed: process.env.HONEYPOT_SECRET, |
low line 269
Access to .env file
Source: SKILL.md
| 269 | secrets: process.env.SESSION_SECRET.split(','), // Secret rotation |
low line 270
Access to .env file
Source: SKILL.md
| 270 | secure: process.env.NODE_ENV === 'production', // HTTPS only in production |
low line 422
Access to .env file
Source: SKILL.md
| 422 | # .env |
medium line 437
Access to .env file
Source: SKILL.md
| 437 | - Use `.env.example` to document required variables |
medium line 438
Access to .env file
Source: SKILL.md
| 438 | - `.env` is in `.gitignore` |
low line 410
External URL reference
Source: SKILL.md
| 410 | res.redirect(`https://${host}${req.originalUrl}`) |
low line 598
External URL reference
Source: SKILL.md
| 598 | - [Epic Web Principles](https://www.epicweb.dev/principles) |
low line 599
External URL reference
Source: SKILL.md
| 599 | - [OWASP Top 10](https://owasp.org/www-project-top-ten/) |
Scanned on Feb 9, 2026
GitHub Stars: 106
Category: development
Updated: May 21, 2026
majiayu000/claude-skill-registry