Best security CLAUDE.md rules
CLAUDE.md rule sets for secure coding — OWASP, vulnerability prevention, and code-review standards.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
| Field | Security Auditor Expert - CLAUDE.md Rules for Claude Code | Security-First React Components for Claude | High-Risk Code Review Escalation Rules | MCP Remote Authorization Boundary Rules | AI-Generated Frontend Accessibility Review Rules |
|---|---|---|---|---|---|
| Description | Configure Claude as a security expert for vulnerability assessment, penetration testing, and security best practices | Security-first React component architect with XSS prevention, CSP integration, input sanitization, and OWASP Top 10 mitigation patterns | Source-backed rules for deciding when an AI-assisted code review must escalate high-risk changes to security, infrastructure, data, release, or domain owners before merge. | Source-backed rules for reviewing remote MCP server authorization boundaries: protected resource metadata, OAuth resource indicators, token audience checks, least-privilege scopes, and cross-server token isolation. | Source-backed rules for reviewing AI-generated frontend UI changes for accessibility before merge, with semantic HTML, keyboard paths, focus management, labels, automated scan limits, manual checks, and privacy-safe evidence. |
| Trust | | | | | |
| Install risk | Review first | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | rules | rules | rules | rules | rules |
| Source | source-backed | source-backed | source-backed | source-backed | source-backed |
| Author | JSONbored | JSONbored | MkDev11 | JSONbored | MkDev11 |
| Added | 2025-09-15 | 2025-10-16 | 2026-06-04 | 2026-06-05 | 2026-06-04 |
| Platforms | Claude Code | Claude Code | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — | — | — |
| Safety notes | ✓ Only assess, scan, or test systems you own or are explicitly authorized to test; unauthorized penetration testing or exploitation is illegal. Treat any active scanning, exploitation, or DAST tooling as potentially destructive; run it against staging or scoped targets, never production without written authorization. Vulnerability findings and exploit details are sensitive; handle and disclose them responsibly rather than committing live exploits or unredacted reports. | ✓ Recommendations may include shell commands, package installs, or file edits; review and run any suggested changes yourself instead of applying them unverified. | ✓ High-risk changes can alter auth, authorization, secrets, production data, network exposure, infrastructure, release automation, or dependency trust; escalate before merge instead of relying on a single reviewer. Treat AI-generated patches, summaries, migrations, policy edits, generated clients, and workflow changes as untrusted until the source diff and checks are reviewed. Require a rollback or disablement path for production-facing changes, especially when the blast radius includes customer data, credentials, deployments, billing, or public APIs. | ✓ These rules do not execute the MCP server; they define review requirements before a server is connected to a real account. A server that accepts wrong-audience tokens, broad scopes, or forwarded user tokens should not be approved until the boundary is corrected. Use separate runtime testing before trusting any OAuth-backed tool that can write, delete, bill, publish, or modify account data. | ✓ AI-generated UI can silently replace semantic controls with divs, remove labels, hide focus indicators, break keyboard order, change error messaging, or add motion that affects users. Automated scans catch important classes of issues but do not prove that custom widgets, focus restoration, reading order, copy meaning, or assistive-technology behavior are correct. Browser automation and accessibility checks should run against local, preview, or staging environments with test accounts so forms, payments, messages, and destructive actions are not triggered in production. |
| Privacy notes | ✓ Security review reads source code, configuration, environment files, and logs that can contain secrets, API keys, tokens, credentials, and PII. Do not paste discovered secrets, customer data, or internal log contents into shared chats, issues, or public notes; redact before reporting. Scanned outputs and incident artifacts may carry user data subject to GDPR/CCPA; store and transmit them only through approved, access-controlled channels. | ✓ Guides Claude to read your repository files plus any code, logs, configuration, or credentials you share in the session; nothing is transmitted beyond the model, but review what you expose before sharing. | ✓ Escalation notes can expose private incident context, customer identifiers, secrets, account IDs, internal topology, or vulnerability details if copied into public PR comments. Use private security channels for embargoed vulnerabilities, secrets, regulated data, and exploit details; keep public PR notes synthetic and minimally revealing. Do not paste raw logs, traces, prompts, database rows, screenshots, or security scan output into review notes unless they have been redacted. | ✓ Authorization metadata, resource identifiers, issuer URLs, scopes, and token-audience notes can reveal account architecture. Do not paste access tokens, client secrets, refresh tokens, or internal tenant identifiers into public review comments. | ✓ Accessibility evidence can include screenshots, DOM text, accessible names, form values, labels, user content, network traces, browser storage, cookies, and test account data. Do not paste raw screenshots, traces, accessibility trees, DOM snapshots, customer names, private routes, or production form data into public PR comments without redaction. Use synthetic content and test accounts for accessibility examples, especially when reviewing auth, billing, dashboards, healthcare, education, or support flows. |
| Prerequisites | — none listed | — none listed | | | |
| Install | — | — | — | — | — |
| Config | — | — | — | — | — |
| Citations | | | | | |
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01 Why it made the cut
Security Auditor Expert - CLAUDE.md Rules for Claude Code is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 02 Why it made the cut
Security-First React Components for Claude is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 03 Why it made the cut
High-Risk Code Review Escalation Rules is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 04 Why it made the cut
MCP Remote Authorization Boundary Rules is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 05 Why it made the cut
AI-Generated Frontend Accessibility Review Rules is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 06 Why it made the cut
Kubernetes DevSecOps Engineer for Claude is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 07 Why it made the cut
MCP Local Tool Access Rules is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 08 Why it made the cut
Production Database Migration Safety Rules is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 09 Why it made the cut
TypeScript API Client Compatibility Review Rules is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 10 Why it made the cut
Code Review Expert for Claude is included because it has privacy notes and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 11 Why it made the cut
Dependency Update Review Rules is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
- 12 Why it made the cut
Production Codebase Auditor - CLAUDE.md Rules for Claude Code is included because it has safety notes, privacy notes, and a source-backed source posture.
Reach for instead: If this will touch credentials, local files, or production systems, inspect the upstream source first.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.