type-safety-validation

Low Risk ⚙️ External commands 🌐 Network access 📁 Filesystem access

Build Type-Safe TypeScript Apps

TypeScript teams often lose type safety between validation, APIs, database models, and UI code. This skill shows how to connect Zod, tRPC, Prisma, and TypeScript patterns into one typed workflow.

Supports: Claude, Codex, Claude Code (CC)
🥉 77 Bronze
1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "type-safety-validation". A product team needs safer user registration input handling.

Expected outcome:

  • A registration schema with email, password, role, and optional profile fields.
  • A typed result model for successful validation and structured validation errors.
  • Guidance to keep password policy, normalization, and user-facing messages consistent.

Using "type-safety-validation". An engineering team wants a typed posts API.

Expected outcome:

  • A recommended tRPC procedure structure for list and create operations.
  • Input boundaries for pagination, titles, and optional content.
  • A reminder to add authentication to write procedures before production use.

Using "type-safety-validation". A TypeScript codebase has duplicated API and database types.

Expected outcome:

  • A review of redundant type definitions and likely drift points.
  • A plan to derive types from schemas or router definitions.
  • Migration steps that reduce manual casting and unsafe any usage.

Security Audit

Low Risk
v7 • 6/28/2026

The static analyzer flagged many high-risk patterns, but review shows they are markdown code fences, TypeScript examples, documentation URLs, and relative imports. No malicious behavior or prompt injection was found. One low-risk documentation issue remains because a sample tRPC mutation uses publicProcedure without showing authentication.

  • Files scanned: 1
  • Lines analyzed: 326
  • Findings: 7
  • Total audits: 7

Low Risk Issues (4)
Static Command Execution Detections Are Markdown False Positives
The external command findings point to markdown code fences and TypeScript sample blocks, not runnable Ruby or shell backtick execution. The skill contains instructional examples, and no executable script file or command invocation was found.
Network And Filesystem Detections Are Documentation Examples
The hardcoded URL findings are localhost, example API, and public documentation links. The filesystem findings are TypeScript method chaining and a relative import inside sample code, not hidden file access or path traversal.
Weak Crypto And Reconnaissance Detections Are Terminology False Positives
The blocker findings map to general TypeScript, Prisma, or decorator terminology such as descriptions, descending sort order, and type utilities. No hashing algorithm, host discovery, scanning logic, or reconnaissance behavior was present.
Sample Mutation Omits Authentication Context
The full-stack example uses publicProcedure for a create mutation and does not show authorization checks. This is not malicious, but users could copy the sample into a production API without adding access control.

Detected Patterns

Unauthenticated Write Procedure In Sample Code
Audited by: codex

Quality Score

  • Architecture: 55
  • Maintainability: 100
  • Content: 87
  • Community: 70
  • Security: 82
  • Spec Compliance: 83

What You Can Build

Design a Typed API

Plan request validation, response types, and client usage before implementing a new TypeScript API.

Improve Form And Input Validation

Convert informal validation rules into reusable Zod schemas with clear error handling.

Audit Full-Stack Type Boundaries

Review where database, API, and UI types diverge, then create a safer shared contract.

Try These Prompts

Create a Basic Zod Schema
Help me define a Zod schema for this user input shape. Include inferred TypeScript types and safe error handling.
Design a tRPC Procedure
Design a tRPC procedure for this feature. Include input validation, output shape, and client usage guidance.
Connect Prisma and Validation
Review this Prisma model and suggest matching validation schemas for create, update, and query operations.
Audit End-to-End Type Safety
Audit this TypeScript feature for type-safety gaps across UI, API, validation, and database layers. Prioritize fixes by risk.

Best Practices

  • Validate data at every external boundary, including forms, APIs, webhooks, and environment variables.
  • Derive TypeScript types from validation schemas or API routers instead of duplicating contracts.
  • Add authentication and authorization checks around write operations before using examples in production.

Avoid

  • Do not rely only on compile-time types for untrusted runtime input.
  • Do not copy public write procedure examples into production without access control.
  • Do not silence type errors with any when a schema or type guard can model the data.

Frequently Asked Questions

Does this skill execute code?
No. It provides documentation and examples for type-safe TypeScript development.
Which libraries does it focus on?
It focuses on Zod, tRPC, Prisma, and modern TypeScript patterns.
Can it replace a security review?
No. It improves type and validation design, but security controls still need separate review.
Is it useful for existing projects?
Yes. It can help identify unsafe boundaries and plan a gradual migration to stronger types.
Does it support Claude, Codex, and Claude Code?
Yes. The marketplace metadata lists support for Claude, Codex, and Claude Code.
What should users check before production use?
Users should verify package versions, add authorization, and adapt examples to their application architecture.

Developer Details

File structure

📄 SKILL.md