AgentSkillsCN

security-hardening

针对Node.js API、容器及部署资产,采取切实可行的安全加固措施。在更换依赖项、调整运行时配置、更新Docker/Helm清单,或在准备生产发布时使用。

SKILL.md
--- frontmatter
name: security-hardening
description: Apply practical security hardening for this Node.js API, container, and deployment assets. Use when changing dependencies, runtime configuration, Docker/Helm manifests, or when preparing production releases.
license: MIT

Security Hardening

When to Use This Skill

Use when changes could affect runtime security, dependency risk, or deployment posture.

Hardening Workflow

  1. Review dependency and runtime changes for risk.
  2. Ensure least-privilege defaults for container and Kubernetes settings.
  3. Ensure secrets are not committed and not hardcoded in configs.
  4. Verify request handling and error responses do not leak sensitive internals.
  5. Run available validation checks and document mitigations.
  6. Update root README.md if security-relevant workflow changed.

Security Guardrails

  • Prefer non-root containers and dropped Linux capabilities.
  • Keep image and dependencies minimal and up to date.
  • Avoid hardcoded credentials, API keys, and secrets in repo files.
  • Keep failure messages safe (no stack traces/secrets in production responses).

See security hardening checklist.