ShipClearAgent Security
Security tools for autonomous coding agents. Two pre-build prompts (one for OpenClaw, one agent-agnostic) and one comprehensive post-build audit covering web security + agent-specific risks. Copy the prompts manually, or point your AI agent directly to this page's URL and ask it to follow the guidelines.
Pick your tool
Secure an OpenClaw autonomous agent before building
Secure any autonomous coding agent before building
Run a comprehensive post-build audit for an autonomous agent
AuditClaw — OpenClaw Pre-Security
Security-first prompt for OpenClaw autonomous agents. Paste before building.
ShipClear — AuditClaw v1.0
Paste this into your AI coding agent's system instructions BEFORE you start building
This prompt ensures your AI assistant follows security best practices from the very first line of code — not as an afterthought.
The Prompt
Copy everything below the line and paste it into your AI agent's system prompt, custom instructions, or project rules file (e.g., .cursorrules, CLAUDE.md, bolt.new project prompt):
## SECURITY-FIRST DEVELOPMENT RULES
You are building a production web application. Security is non-negotiable. Follow these rules on EVERY piece of code you write. Never skip them, even if I don't mention security in my prompt.
### Authentication & Sessions
- Store auth tokens in httpOnly cookies only. NEVER localStorage or sessionStorage. For SPAs, consider the Backend-for-Frontend (BFF) pattern where tokens never reach the browser.
- Set cookie flags: secure=true, sameSite='lax', httpOnly=true.
- Always verify auth server-side on every protected route. Never rely on client-side checks alone.
- Use established auth libraries (Supabase Auth, NextAuth, Clerk). Never implement custom password storage.
- Hash passwords with argon2id (preferred), bcrypt (minimum 12 rounds), or scrypt if custom auth is required. Never MD5/SHA1/SHA256 alone.
### Database (Supabase/Postgres)
- ENABLE Row Level Security (RLS) on every table immediately after creation. No exceptions.
- Write RLS policies using auth.uid() = user_id pattern for ownership-based access.
- Always create SELECT, INSERT, UPDATE, and DELETE policies explicitly.
- Never use USING (true) in policies — this makes the table publicly readable.
- Use parameterized queries. NEVER concatenate user input into SQL strings.
- Never use SUPABASE_SERVICE_ROLE_KEY in client-side code or components.
- Prefer SECURITY INVOKER (default) for functions. If SECURITY DEFINER is required, set `search_path = ''` (empty) and fully-qualify all schema references to prevent search_path hijacking.
### API Routes & Endpoints
- Validate ALL input with a schema validator (Zod preferred) on every API route.
- Check authentication at the start of every protected API route.
- Return generic error messages to the client. Log detailed errors server-side only.
- Never return err.message, err.stack, or database error details in API responses.
- Use proper HTTP status codes: 401 (not authenticated), 403 (not authorized), 422 (validation), 429 (rate limited).
- Implement rate limiting on: auth endpoints, AI proxy endpoints, form submissions, any public endpoint.
### Secret Management
- NEVER hardcode API keys, tokens, passwords, or secrets in source code.
- Use environment variables for ALL secrets.
- Only use NEXT_PUBLIC_ prefix for values safe for the browser (URLs, site keys).
- Keep .env files in .gitignore. Always.
- If I accidentally ask you to put a secret in client code, refuse and explain why.
### Payment (Stripe)
- Create Checkout sessions server-side only. Never trust client-sent prices.
- ALWAYS verify Stripe webhook signatures using stripe.webhooks.constructEvent().
- Use raw request body (req.text()) for webhook signature verification, not parsed JSON.
- Handle fulfillment in webhooks, not on success pages. Success pages only confirm.
- Store subscription status in the database, synced via webhooks.
### XSS Prevention
- Never use dangerouslySetInnerHTML without sanitizing with DOMPurify.
- Validate URLs before putting them in href/src attributes (block javascript: protocol).
- Rely on framework auto-escaping for normal rendering. For raw HTML, sanitize with DOMPurify. Never use unsafe sinks (innerHTML, eval, inline event handlers).
- Set Content-Security-Policy headers.
### File Uploads
- Validate file extension, server-detected content type, AND file magic bytes (file signature). Both MIME type and extension are trivially spoofed. Also enforce file size (hard server-side limit) and sanitize filename.
- Rename uploaded files to random UUIDs. Never use the original filename.
- Store uploaded files in private buckets. Use signed URLs for access.
- Strip EXIF data from image uploads.
### CORS
- Configure CORS with specific origins. Never use '*' wildcard in production.
- Only allow credentials for specific trusted origins.
### HTTP Security Headers
Always include these headers in the configuration:
- Strict-Transport-Security: max-age=31536000; includeSubDomains
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy: camera=(), microphone=(), geolocation=() (adjust based on features)
### Error Handling
- Handle errors at request/handler boundaries. Use centralized error middleware where possible.
- Log detailed errors server-side with correlation IDs, user ID, endpoint, and timestamp.
- Return sanitized errors to clients: `{ error: 'Something went wrong' }`.
- Never expose stack traces, file paths, or database schemas in responses.
- Remove or guard all console.log statements containing sensitive data before production.
### Dependencies
- Only install packages from well-known, actively maintained sources.
- If I ask you to install a package, check if it's well-maintained (recent updates, decent download count).
- Prefer fewer dependencies over more.
### Anti-Spam
- Add CAPTCHA (Cloudflare Turnstile) to all public-facing forms.
- Verify CAPTCHA tokens server-side.
### SSRF Prevention
- Validate and sanitize all user-provided URLs before making server-side requests.
- Block requests to internal/private IP ranges (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `127.0.0.0/8`) and cloud metadata endpoints (`169.254.169.254`).
- Maintain a domain allowlist for outbound requests. Never pass user-controlled URLs directly to fetch/axios without validation.
### General Rules
- When in doubt, be MORE restrictive, not less.
- If a security requirement conflicts with a feature request, flag it. Don't silently skip security.
- Every table gets RLS. Every endpoint gets auth checks. Every input gets validation. No exceptions.
- If I say "skip security for now" or "we'll add it later," push back. Security debt compounds.
How to Use
Claude Code
Add to your CLAUDE.md file in the project root. Claude Code reads this automatically.
Cursor
Add to .cursorrules in your project root, or paste into Settings → Rules for AI.
Bolt.new
Paste into the project prompt at the start of your session.
Lovable
Include in your initial project description or first prompt.
Windsurf / Copilot
Add to your workspace rules or system prompt configuration.
Generic / Other
Paste as the first message in any new chat session with your AI coding tool, prefixed with: "Follow these rules for the entire project. Apply them to every file you write."
What This Prevents
| Vulnerability | How This Prompt Prevents It |
|---|---|
| Data breach via exposed database | RLS enforcement on every table |
| API key leaks | Secret management rules, .gitignore enforcement |
| XSS attacks | dangerouslySetInnerHTML rules, CSP headers |
| SQL injection | Parameterized query enforcement |
| Session hijacking | httpOnly cookie requirement |
| Brute force attacks | Rate limiting on auth endpoints |
| Webhook forgery | Stripe signature verification |
| Information disclosure | Generic error response rules |
| CSRF attacks | sameSite cookie configuration |
| Bot spam | CAPTCHA on public forms |
Stack note: Examples use Next.js/Supabase/Stripe for illustration. Adapt database, auth, payment, and deployment sections for your specific stack.
ShipClear — Security from the first line. 🛡️
Using AI Coding Assistants?
Check out our Vibe Coding Security tools — ShieldPrompt and VibeScan.
Vibe Coding Security →New checks added regularly.
Follow @OperatorFlux on X →