Security

by khaneliman

NixOS system configuration and administration. Use when configuring system services, hardware setup, networking, security hardening, boot configuration, or system maintenance.

by hellowind777

Complete knowledge base management rules; read when ~init command or knowledge base missing; includes creation, synchronization, audit, context acquisition rules

by AojdevStudio

Import Fidelity transaction history CSV into Google Sheets with smart categorization. USE WHEN user mentions "sync transactions", "import transactions", "transaction history", OR wants to import Fidelity History CSV. Routes debit card purchases to Expense Tracker with auto-categorization.

by benchflow-ai

Manage SSL/TLS certificates with automated provisioning, renewal, and monitoring using Let's Encrypt, ACM, or Vault.

by mhattingpete

Execute Python code locally with marketplace API access for 90%+ token savings on bulk operations. Activates when user requests bulk operations (10+ files), complex multi-step workflows, iterative processing, or mentions efficiency/performance.

by CaoMeiYouRen

分析项目上下文、Nuxt 3 结构和依赖项，用于规划和调试。

by MadAppGang

Show active tracks, progress, current tasks, and blockers

by wheels-dev

Generate RESTful API controllers with JSON responses, proper HTTP status codes, and API authentication. Use when creating API endpoints, JSON APIs, or web services. Ensures proper REST conventions and error handling.

by wheels-dev

Generate authentication system with user model, sessions controller, and password hashing. Use when implementing user authentication, login/logout, or session management. Provides secure authentication patterns and bcrypt support.

by wheels-dev

Generate Wheels MVC controllers with CRUD actions, filters, parameter verification, and proper rendering. Use when creating or modifying controllers, adding actions, implementing filters for authentication/authorization, handling form submissions, or rendering views/JSON. Ensures proper Wheels conventions and prevents common controller errors.

by wheels-dev

Refactor Wheels code for better performance, security, and maintainability. Use when optimizing code, fixing anti-patterns, improving performance, or enhancing security. Provides refactoring patterns and best practices.

by XSpoonAi

Data processing skill with Python and shell scripts for file analysis and transformation

by jezweb

Self-hosted auth for TypeScript/Cloudflare Workers with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Requires Drizzle ORM or Kysely for D1 (no direct adapter). Self-hosted alternative to Clerk/Auth.js.Use when: self-hosting auth on D1, building OAuth provider, multi-tenant SaaS, or troubleshooting D1 adapter errors, session caching, rate limits.

by jezweb

Build autonomous AI agents with Claude Agent SDK. Structured outputs guarantee JSON schema validation, with plugins system and hooks for event-driven workflows. Prevents 12 documented errors.Use when: building coding agents, SRE systems, security auditors, or troubleshooting CLI not found, structured output validation, session forking errors.

by jezweb

Build Python APIs with FastAPI, Pydantic v2, and SQLAlchemy 2.0 async. Covers project structure, JWT auth, validation, and database integration with uv package manager.Use when: creating Python APIs, implementing JWT auth, or troubleshooting 422 validation, CORS, or async blocking errors.

by jezweb

Build Python web apps with Flask using application factory pattern, Blueprints, and Flask-SQLAlchemy. Covers project structure, authentication, and configuration management.Use when: creating Flask projects, organizing blueprints, or troubleshooting circular imports, context errors, or registration.

by jezweb

Set up Sveltia CMS - lightweight Git-backed CMS successor to Decap/Netlify CMS (300KB bundle, 270+ fixes). Framework-agnostic for Hugo, Jekyll, 11ty, Astro.Use when adding CMS to static sites, migrating from Decap CMS, or fixing OAuth, YAML parse, CORS/COOP errors.

by jezweb

Build secure WordPress plugins with hooks, database interactions, Settings API, custom post types, and REST API. Covers Simple, OOP, and PSR-4 architecture patterns plus the Security Trinity.Use when creating plugins or troubleshooting SQL injection, XSS, CSRF vulnerabilities, or plugin activation errors.

by memvid

Claude Mind - Search and manage Claude's persistent memory stored in a single portable .mv2 file

by elithrar

Analyzes web performance using Chrome DevTools MCP. Measures Core Web Vitals (FCP, LCP, TBT, CLS, Speed Index), identifies render-blocking resources, network dependency chains, layout shifts, caching issues, and accessibility gaps. Use when asked to audit, profile, debug, or optimize page load performance, Lighthouse scores, or site speed.

by whawkinsiv

Optimize your SaaS app across four dimensions - Speed (page load, API response), Code (unused files, dead code), Database (orphaned data, schema hygiene), and Dependencies (package bloat, bundle size). Use when app feels slow, codebase feels bloated, or after significant development work accumulates. Each path follows AUDIT → CLEAN → PREVENT workflow.

by whawkinsiv

Protect your SaaS app from common vulnerabilities. Use when building auth, handling user data, or deploying features. Covers authentication, data protection, API security, and OWASP Top 10 for non-technical founders using AI tools.

by getsentry

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.

by markmdev

Interview to learn about this project's context, criticality, security requirements, and priorities. Results saved to project profile.

by doccker

前端开发规范，包含 Vue 3 编码规范、UI 风格约束、TypeScript 规范等

by paiml

Tracks and manages technical debt using PMAT (Pragmatic AI Labs MCP Agent Toolkit).Use this skill when:- User asks about technical debt, TODO comments, or code quality issues- Planning sprint work and need to prioritize debt repayment- Conducting code audits or technical debt assessments- Tracking debt accumulation trends over time- Creating technical debt reports for stakeholdersDetects SATD (Self-Admitted Technical Debt) annotations: TODO, FIXME, HACK, XXX, NOTE comments.Provides debt quantification in hours, prioritization by severity, and repayment tracking.

by ZhangHanDong

Use when building IoT apps. Keywords: IoT, Internet of Things, sensor, MQTT, device, edge computing, telemetry, actuator, smart home, gateway, protocol, 物联网, 传感器, 边缘计算, 智能家居

by ZhangHanDong

Use when building web services. Keywords: web server, HTTP, REST API, GraphQL, WebSocket, axum, actix, warp, rocket, tower, hyper, reqwest, middleware, router, handler, extractor, state management, authentication, authorization, JWT, session, cookie, CORS, rate limiting, web 开发, HTTP 服务, API 设计, 中间件, 路由

by ZhangHanDong

Use when designing domain error handling. Keywords: domain error, error categorization, recovery strategy, retry, fallback, domain error hierarchy, user-facing vs internal errors, error code design, circuit breaker, graceful degradation, resilience, error context, backoff, retry with backoff, error recovery, transient vs permanent error, 领域错误, 错误分类, 恢复策略, 重试, 熔断器, 优雅降级

by einverne

Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.

by Microck

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

by korallis

Respond to production incidents systematically with triage, investigation, resolution, and post-mortem analysis to minimize downtime and prevent recurrence. Use when handling production outages, triaging incidents, investigating critical bugs, coordinating incident response, implementing hotfixes, conducting post-mortems, or establishing incident response procedures.

by aiskillstore

Allra 백엔드 에러 핸들링 및 예외 처리 표준. Use when handling errors, creating custom exceptions, or implementing error responses.

by aiskillstore

Guide to using Better Auth for client and server-side authentication.

by aiskillstore

执行数学计算，支持基本运算和复杂表达式

by aiskillstore

When the user asks about ClickUp synchronization or syncing roadmaps with ClickUp

by aiskillstore

Validates type consistency across Rust, TypeScript, PostgreSQL boundaries. Use when reviewing code, debugging type mismatches, or validating API contracts. Triggers on: check consistency, validate types, find mismatches, cross-language.

by aiskillstore

Process and transform arrays of data with common operations like filtering, mapping, and aggregation

by aiskillstore

Manage environment variables securely. Handles distinction between .env (template) and .env.local (secrets).

by aiskillstore

Create forms, validation schemas, and CRUD API endpoints. Use when building new data entry features or managing existing forms.

by aiskillstore

Verify code quality standards are met - naming, structure, DRY principles. Issues result in SUGGESTIONS for improvement.

by aiskillstore

This skill should be used when the user asks to "add MCP server", "integrate MCP", "configure MCP in plugin", "use .mcp.json", "set up Model Context Protocol", "connect external service", mentions "${CLAUDE_PLUGIN_ROOT} with MCP", or discusses MCP server types (SSE, stdio, HTTP, WebSocket). Provides comprehensive guidance for integrating Model Context Protocol servers into Claude Code plugins for external tool and service integration.

by aiskillstore

Integrate with Replicate AI for running models (image generation, LLMs, etc.).

by aiskillstore

Detect accidentally committed secrets, credentials, and sensitive information in code.

by aiskillstore

Security validation, vulnerability scanning, and compliance checking.

by aiskillstore

Skills for spawning external processes - AI coding agents and generic CLI commands in new terminal windows. Parent skill category for agent and terminal spawning.

by aiskillstore

Auto-escalate reasoning depth for complex problems. Use proactively when encountering architecture, debugging, or unfamiliar code.

by aiskillstore

UUID generation skill - Universally Unique Identifiers v4 and v7 for entity IDs. For ng-events construction site progress tracking system.

by aiskillstore

Manage information from Wechat and Send Messages, Only could be activated with the MCP Server `WeChatMCP`. Check it before using any tools in this MCP server

by eser

Manages practice rules. Use when user states a preference or approach, or asks to add/modify rules for coding, architecture, tooling, or best practices.

by psincraian

Core myfy patterns and conventions for building applications. Use when working with myfy.core, Application, WebModule, DataModule, FrontendModule, TasksModule, UserModule, CliModule, AuthModule, RateLimitModule, or @route decorators.

by eser

Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.

by psincraian

myfy UserModule for authentication with email/password, OAuth, sessions, and JWT. Use when working with UserModule, BaseUser, OAuth providers, login, registration, password reset, email verification, or user authentication.

by ryuichi1208

OWASP API Security Top 10 (2023) と Rust セキュリティベストプラクティス。脆弱性検出。Use when: セキュリティ、脆弱性、OWASP、認証、認可、監査を依頼された時。

by Dicklesworthstone

>-

by pr-pm

Semantic code search using natural language queries. Use when users ask "where is X implemented", "how does Y work", "find the logic for Z", or need to locate code by concept rather than exact text. Returns file paths with line numbers and code snippets.

by HoangNguyen0403

Typed routing, nested routes, and guards using auto_route.

by HoangNguyen0403

Typed routes, route state, and redirection using go_router.

by HoangNguyen0403

Fastify adapter, Scope management, and Compression.

by HoangNguyen0403

Secure token storage (HttpOnly Cookies) and Middleware patterns.

by HoangNguyen0403

Secure, reusable data access patterns with DTOs and Taint checks.

by HoangNguyen0403

Mutations, Form handling, and RPC-style calls.

by HoangNguyen0403

Secure coding practices for building safe TypeScript applications.

by sammcj

Use when working with Anthropic Claude Agent SDK. Provides architecture guidance, implementation patterns, best practices, and common pitfalls.

by neondatabase

Sets up Neon Auth for your application. Configures authentication, creates auth routes, and generates UI components. Use when adding authentication to Next.js, React SPA, or Node.js projects.

by neondatabase

Sets up the full Neon JS SDK with unified auth and PostgREST-style database queries. Configures auth client, data client, and type generation. Use when building apps that need both authentication and database access in one SDK.

by Afaneor

Detects API keys, passwords, and secrets in code before they reach git. Use before commits, when working with credentials, or when user mentions "security check" or "secrets".