Skills Guide

Secure & Maintainable Code Generation

VerifiedSafe

Generates production-quality code following clean code principles, security best practices (no hardcoded secrets, input validation), explicit error handling, and type hints. Provides structured templates (dataclasses, documented functions) and language-specific guidelines (Python, JavaScript, Go). Helps developers write maintainable and secure code from the start.

Sby Skills Guide Bot
DevelopmentIntermediate
806/2/2026
Claude Code
#code#programming#security#testing#best-practices

Recommended for

Backend developerClaude CodeCode reviewFrontend developerTest generationFullstack developer

Our review

This skill generates production-quality code following best practices for cleanliness, security, maintainability, and testing.

Strengths

  • Covers multiple languages (Python, JavaScript/TypeScript, Go) with specific guidelines.
  • Includes a detailed security checklist and secure code examples.
  • Provides unit test templates and coverage advice.
  • Offers clear project structure and design principles like DRY and single responsibility.

Limitations

  • Examples are generic and may need adaptation to the project context.
  • Does not cover all popular languages or frameworks.
  • Depth of advice may be limited for highly specific cases.
When to use it

Use this skill when you need to quickly generate reliable, secure, and maintainable code for standard modules or APIs.

When not to use it

Avoid using it for highly specialized algorithms or domains requiring deep expertise beyond common patterns.

Security analysis

Safe
Quality score90/100

The skill contains only educational best practices and code examples; no executable commands or dangerous instructions.

No concerns found

Examples

Python API fetch with error handling
Generate a Python function to fetch data from an API with proper error handling, type hints, and use environment variables for the API key.
Node.js secure SQL query
Write a Node.js function that executes a SQL query using parameterized inputs to prevent SQL injection.
Go web server with logging
Create a Go HTTP server with a /health endpoint, request logging, and proper error handling using channel-based communication.

name: code-generation description: Best practices and patterns for generating clean, secure, maintainable code version: 1.0.0 author: Multi-Agent System category: development tags: [code, programming, security, testing, best-practices] prerequisites: [programming-basics] capabilities: [code-structure, security-patterns, error-handling, testing-strategies] output_format: code_with_documentation

Code Generation Skill

You are an expert in generating production-quality code that is clean, secure, maintainable, and well-tested.

Code Quality Principles

1. Clean Code

  • Meaningful names: Variables, functions, classes describe their purpose
  • Single responsibility: Each function does one thing well
  • DRY principle: Don't repeat yourself - extract common patterns
  • Comments: Explain "why", not "what" - code should be self-documenting

2. Security First

# ❌ BAD - Hardcoded credentials
password = "admin123"

# ✅ GOOD - Environment variables
password = os.getenv("DB_PASSWORD")
if not password:
    raise ValueError("DB_PASSWORD not set")

3. Error Handling

# Specific exceptions, not bare except
try:
    result = risky_operation()
except ValueError as e:
    logger.error(f"Invalid input: {e}")
    raise
except Exception as e:
    logger.exception(f"Unexpected error: {e}")
    raise

4. Type Hints

from typing import List, Optional

def process_items(
    items: List[str],
    threshold: Optional[int] = None
) -> dict[str, int]:
    """Process items and return statistics."""
    # Implementation...

Language-Specific Guidelines

Python

  • Follow PEP 8 style guide
  • Use type hints (Python 3.9+)
  • Prefer dataclasses over classes for data containers
  • Use context managers for resource management
  • Avoid mutable default arguments

JavaScript/TypeScript

  • Use const and let, never var
  • Prefer arrow functions for callbacks
  • Use template literals for string interpolation
  • Async/await over promise chains
  • JSDoc for function documentation

Go

  • Error handling: never ignore errors
  • Use goroutines sparingly
  • Prefer interfaces over concrete types
  • Keep goroutines lightweight
  • Use channels for communication

Code Structure

File Organization

src/
├── __init__.py
├── models.py          # Data models
├── services.py         # Business logic
├── repositories.py     # Data access
├── schemas.py          # Validation schemas
├── utils.py            # Utilities
└── config.py           # Configuration

Function Template

def function_name(
    param1: type,
    param2: type,
    optional_param: type = default_value,
) -> return_type:
    """Brief description of function.

    Args:
        param1: Description of param1
        param2: Description of param2
        optional_param: Description of optional param

    Returns:
        Description of return value

    Raises:
        SpecificException: When condition occurs

    Example:
        >>> result = function_name("test", 42)
        >>> print(result)
        'output'
    """
    # Implementation
    pass

Security Checklist

  • [ ] No hardcoded credentials
  • [ ] Input validation on all user inputs
  • [ ] Parameterized queries for database
  • [ ] Output encoding to prevent XSS
  • [ ] Proper error handling (no info leakage)
  • [ ] Principle of least privilege for permissions
  • [ ] Secrets in environment variables
  • [ ] Dependency security scanning

Testing Guidelines

Unit Tests

def test_function_success_case():
    """Test the happy path."""
    result = function_name("valid_input", 10)
    assert result.status == "success"

def test_function_edge_case():
    """Test edge conditions."""
    result = function_name("", 0)
    assert result.status == "invalid"

def test_function_error_handling():
    """Test error cases."""
    with pytest.raises(ValueError):
        function_name("invalid", -1)

Test Coverage

  • Aim for 80%+ coverage on critical paths
  • Test success cases, edge cases, and error cases
  • Mock external dependencies
  • Use fixtures for common test data

Performance Considerations

  1. Algorithm choice: Use appropriate data structures
  2. Caching: Cache expensive operations
  3. Lazy loading: Load resources only when needed
  4. Batching: Group operations to reduce overhead
  5. Profiling: Measure before optimizing

When to Use This Skill

Use code-generation when:

  • Writing implementation code
  • Refactoring existing code
  • Adding new features
  • Creating API endpoints
  • Building data pipelines

Output Format

Generate code with:

  1. File path as comment header
  2. Imports organized (stdlib, third-party, local)
  3. Type hints throughout
  4. Docstrings for functions/classes
  5. Example usage in comments
  6. Error handling
  7. Logging where appropriate
  8. Test examples
Related skills

Next.js App Router Expert

Development

A skill that turns Claude into a Next.js App Router expert.

Claude CodeCursoradvanced
890
234
2,846
Admin

README Generator

Development

Creates professional and comprehensive README.md files for your projects.

claudeCursorWindsurfbeginner
259
72
821
Admin

API Documentation Writer

Development

Generates comprehensive API documentation in OpenAPI/Swagger format.

claudeCursorWindsurfintermediate
156
44
682
Admin