The Security System Every Vibe Coder Needs
Most builders ship apps with zero security. They focus on features, design, and shipping fast. Security feels like homework. It's boring. It's not sexy. It doesn't get quote-tweets.

Then they hit 10 users and the app starts breaking. Or worse, someone opens the browser console and realizes they can see the entire database.

This is the exact 30-minute security checklist I run before every MVP launch. It's not exhaustive. It's not paranoid. It's the minimum viable security layer that protects you from the most common attacks and keeps your app from leaking data or racking up surprise bills.

If you're shipping AI tools, SaaS, or any app with user data, bookmark this and run through it before you publish.

1. Row Level Security in Supabase

This is the number one thing people skip, and it's deadly. Without Row Level Security, anyone can read your entire database by opening the browser console and running a query. They don't need to hack anything. They don't need special tools. Your frontend already ships the Supabase URL and anon key, so they just open DevTools and type a command.

I've seen apps with thousands of users ship without RLS enabled. The database is wide open: user emails, passwords (hopefully hashed), payment data, everything.

Here's how you check: go to your Supabase dashboard, click Authentication, then Policies. If you see zero policies, your app is completely exposed.

The fix is simple. You need to add policies that restrict who can read, insert, update, or delete rows based on the authenticated user.

If you're using Lovable, just ask it to enable RLS and write policies for your tables. It'll generate the SQL and apply it automatically.

If you're doing it manually, here's the basic structure: create a policy that says "users can only read rows where the user_id matches their own ID." Do this for every table that stores user-specific data.

This takes 5 minutes, and it's the difference between a secure app and a data breach waiting to happen. Don't skip this. Ever.

2. Test every single auth flow

Signup, login, password reset, email verification.
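Here's what the RLS setup from section 1 looks like in SQL, as an added example that is not from the original post: a hypothetical notes table with one policy per operation, plus two catalog queries that catch the tables you forgot. The table and policy names are assumptions; auth.uid() is Supabase's built-in function that returns the calling user's ID.

```sql
-- Added example (not the post's own code): a hypothetical "notes" table
-- in Supabase Postgres, locked down so users only ever touch their own rows.
create table if not exists public.notes (
  id      bigint generated always as identity primary key,
  user_id uuid not null default auth.uid() references auth.users (id),
  body    text not null
);

-- Step 1: turn RLS on. Once enabled, a table with zero policies denies
-- every read and write to the anon and authenticated roles (default deny).
alter table public.notes enable row level security;

-- Step 2: one policy per operation, each scoped to the caller's own rows.
create policy "notes_select_own" on public.notes
  for select to authenticated
  using (user_id = auth.uid());

create policy "notes_insert_own" on public.notes
  for insert to authenticated
  with check (user_id = auth.uid());   -- can't insert a row for someone else

create policy "notes_update_own" on public.notes
  for update to authenticated
  using (user_id = auth.uid())         -- which rows you may touch
  with check (user_id = auth.uid());   -- can't reassign a row to another user

create policy "notes_delete_own" on public.notes
  for delete to authenticated
  using (user_id = auth.uid());

-- The 5-minute check, part 1: tables in public with RLS still OFF.
-- Anything listed here is readable by whoever holds your anon key.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;

-- Part 2: tables with RLS ON but no policies at all. These are safe from
-- leaks but fully blocked, which usually means the app is broken for users.
select c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
left join pg_policies p
       on p.schemaname = n.nspname and p.tablename = c.relname
where n.nspname = 'public' and c.relkind = 'r' and c.relrowsecurity
group by c.relname
having count(p.policyname) = 0;
```

Run the two catalog queries in the Supabase SQL editor; both should come back empty before you launch. The service role key bypasses RLS, so it must never ship in frontend code.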