Security

by Code-and-Sorts

Performs arbitrary-precision arithmetic calculations including addition, subtraction, multiplication, division, and exponents. Use when the user asks to calculate, compute, or evaluate math expressions, or when precise decimal arithmetic is needed to avoid floating-point errors.

by WellApp-ai

One-time environment setup for new team members

by WellApp-ai

Detect domain from context and find appropriate team member

by khaneliman

Manages encrypted secrets using sops-nix and age. Use when adding new secrets, rotating keys, debugging secret access, or setting up secret management for new hosts/users.

by khaneliman

NixOS system configuration and administration. Use when configuring system services, hardware setup, networking, security hardening, boot configuration, or system maintenance.

by hellowind777

Complete knowledge base management rules; read when ~init command or knowledge base missing; includes creation, synchronization, audit, context acquisition rules

by AojdevStudio

Import Fidelity transaction history CSV into Google Sheets with smart categorization. USE WHEN user mentions "sync transactions", "import transactions", "transaction history", OR wants to import Fidelity History CSV. Routes debit card purchases to Expense Tracker with auto-categorization.

by CharlesWiltgen

Use when structuring app entry points, managing authentication flows, switching root views, handling scene lifecycle, or asking 'how do I structure my @main', 'where does auth state live', 'how do I prevent screen flicker on launch', 'when should I modularize' - app-level composition patterns for iOS 26+

by CharlesWiltgen

Use when integrating App Intents for Siri, Apple Intelligence, Shortcuts, Spotlight, or system experiences - covers AppIntent, AppEntity, parameter handling, entity queries, background execution, authentication, and debugging common integration issues for iOS 16+

by CharlesWiltgen

Use for Core Location implementation patterns - authorization strategy, monitoring strategy, accuracy selection, background location

by CharlesWiltgen

Use for Core Location troubleshooting - no location updates, background location broken, authorization denied, geofence not triggering

by CharlesWiltgen

Use for Core Location API reference - CLLocationUpdate, CLMonitor, CLServiceSession, authorization, background location, geofencing

by CharlesWiltgen

Use when app drains battery, device gets hot, users report energy issues, or auditing power consumption - systematic Power Profiler diagnosis, subsystem identification (CPU/GPU/Network/Location/Display), anti-pattern fixes for iOS/iPadOS

by CharlesWiltgen

Use when asking about 'FileProtectionType', 'file encryption iOS', 'NSFileProtection', 'data protection', 'secure file storage', 'encrypt files at rest', 'complete protection', 'file security' - comprehensive reference for iOS file encryption and data protection APIs

by CharlesWiltgen

Use when fixing or auditing ANY accessibility issue - VoiceOver, Dynamic Type, color contrast, touch targets, WCAG compliance, App Store accessibility review.

by CharlesWiltgen

Reference — PHPickerViewController, PHPickerConfiguration, PhotosPicker, PhotosPickerItem, Transferable, PHPhotoLibrary, PHAsset, PHAssetCreationRequest, PHFetchResult, PHAuthorizationStatus, limited library APIs

by benchflow-ai

Manage SSL/TLS certificates with automated provisioning, renewal, and monitoring using Let's Encrypt, ACM, or Vault.

by mhattingpete

Execute Python code locally with marketplace API access for 90%+ token savings on bulk operations. Activates when user requests bulk operations (10+ files), complex multi-step workflows, iterative processing, or mentions efficiency/performance.

by CaoMeiYouRen

分析项目上下文、Nuxt 3 结构和依赖项，用于规划和调试。

by MadAppGang

Initialize Conductor with product.md, tech-stack.md, and workflow.md

by MadAppGang

Show active tracks, progress, current tasks, and blockers

by wheels-dev

Generate RESTful API controllers with JSON responses, proper HTTP status codes, and API authentication. Use when creating API endpoints, JSON APIs, or web services. Ensures proper REST conventions and error handling.

by wheels-dev

Generate authentication system with user model, sessions controller, and password hashing. Use when implementing user authentication, login/logout, or session management. Provides secure authentication patterns and bcrypt support.

by wheels-dev

Generate Wheels MVC controllers with CRUD actions, filters, parameter verification, and proper rendering. Use when creating or modifying controllers, adding actions, implementing filters for authentication/authorization, handling form submissions, or rendering views/JSON. Ensures proper Wheels conventions and prevents common controller errors.

by wheels-dev

Refactor Wheels code for better performance, security, and maintainability. Use when optimizing code, fixing anti-patterns, improving performance, or enhancing security. Provides refactoring patterns and best practices.

by Leavesfly

OWASP 安全检查清单

by Prorise-cool

Complete guide to installing Git and performing basic configuration across all platforms (Windows, macOS, Linux, WSL). Use when setting up Git for the first time, installing Git on new systems, configuring user identity, setting default branch, choosing editor, verifying installation, or troubleshooting Git installation issues. Covers platform-specific installation methods, basic required configuration, and verification steps.

by XSpoonAi

Data processing skill with Python and shell scripts for file analysis and transformation

by jezweb

Self-hosted auth for TypeScript/Cloudflare Workers with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Requires Drizzle ORM or Kysely for D1 (no direct adapter). Self-hosted alternative to Clerk/Auth.js.Use when: self-hosting auth on D1, building OAuth provider, multi-tenant SaaS, or troubleshooting D1 adapter errors, session caching, rate limits.

by jezweb

Build autonomous AI agents with Claude Agent SDK. Structured outputs guarantee JSON schema validation, with plugins system and hooks for event-driven workflows. Prevents 12 documented errors.Use when: building coding agents, SRE systems, security auditors, or troubleshooting CLI not found, structured output validation, session forking errors.

by jezweb

Build Python APIs with FastAPI, Pydantic v2, and SQLAlchemy 2.0 async. Covers project structure, JWT auth, validation, and database integration with uv package manager.Use when: creating Python APIs, implementing JWT auth, or troubleshooting 422 validation, CORS, or async blocking errors.

by jezweb

Build Python web apps with Flask using application factory pattern, Blueprints, and Flask-SQLAlchemy. Covers project structure, authentication, and configuration management.Use when: creating Flask projects, organizing blueprints, or troubleshooting circular imports, context errors, or registration.

by jezweb

Set up Sveltia CMS - lightweight Git-backed CMS successor to Decap/Netlify CMS (300KB bundle, 270+ fixes). Framework-agnostic for Hugo, Jekyll, 11ty, Astro.Use when adding CMS to static sites, migrating from Decap CMS, or fixing OAuth, YAML parse, CORS/COOP errors.

by jezweb

Build secure WordPress plugins with hooks, database interactions, Settings API, custom post types, and REST API. Covers Simple, OOP, and PSR-4 architecture patterns plus the Security Trinity.Use when creating plugins or troubleshooting SQL injection, XSS, CSRF vulnerabilities, or plugin activation errors.

by rsmdt

Apply consistent security, performance, and accessibility standards across all recommendations. Use when reviewing code, designing features, or validating implementations. Cross-cutting skill for all agents.

by memvid

Claude Mind - Search and manage Claude's persistent memory stored in a single portable .mv2 file

by elithrar

Analyzes web performance using Chrome DevTools MCP. Measures Core Web Vitals (FCP, LCP, TBT, CLS, Speed Index), identifies render-blocking resources, network dependency chains, layout shifts, caching issues, and accessibility gaps. Use when asked to audit, profile, debug, or optimize page load performance, Lighthouse scores, or site speed.

by whawkinsiv

Optimize your SaaS app across four dimensions - Speed (page load, API response), Code (unused files, dead code), Database (orphaned data, schema hygiene), and Dependencies (package bloat, bundle size). Use when app feels slow, codebase feels bloated, or after significant development work accumulates. Each path follows AUDIT → CLEAN → PREVENT workflow.

by whawkinsiv

Protect your SaaS app from common vulnerabilities. Use when building auth, handling user data, or deploying features. Covers authentication, data protection, API security, and OWASP Top 10 for non-technical founders using AI tools.

by getsentry

Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.

by markmdev

Interview to learn about this project's context, criticality, security requirements, and priorities. Results saved to project profile.

by Chachamaru127

Sets up new projects and generates workflow files like CLAUDE.md, AGENTS.md, Plans.md. Use when user mentions setup, initialization, new projects, or workflow file generation. Do NOT load for: implementation work, reviews, build verification, or deployments.

by doccker

前端开发规范，包含 Vue 3 编码规范、UI 风格约束、TypeScript 规范等

by paiml

Tracks and manages technical debt using PMAT (Pragmatic AI Labs MCP Agent Toolkit).Use this skill when:- User asks about technical debt, TODO comments, or code quality issues- Planning sprint work and need to prioritize debt repayment- Conducting code audits or technical debt assessments- Tracking debt accumulation trends over time- Creating technical debt reports for stakeholdersDetects SATD (Self-Admitted Technical Debt) annotations: TODO, FIXME, HACK, XXX, NOTE comments.Provides debt quantification in hours, prioritization by severity, and repayment tracking.

by ZhangHanDong

Use when building IoT apps. Keywords: IoT, Internet of Things, sensor, MQTT, device, edge computing, telemetry, actuator, smart home, gateway, protocol, 物联网, 传感器, 边缘计算, 智能家居

by ZhangHanDong

Use when building web services. Keywords: web server, HTTP, REST API, GraphQL, WebSocket, axum, actix, warp, rocket, tower, hyper, reqwest, middleware, router, handler, extractor, state management, authentication, authorization, JWT, session, cookie, CORS, rate limiting, web 开发, HTTP 服务, API 设计, 中间件, 路由

by ZhangHanDong

Use when designing domain error handling. Keywords: domain error, error categorization, recovery strategy, retry, fallback, domain error hierarchy, user-facing vs internal errors, error code design, circuit breaker, graceful degradation, resilience, error context, backoff, retry with backoff, error recovery, transient vs permanent error, 领域错误, 错误分类, 恢复策略, 重试, 熔断器, 优雅降级

by einverne

Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.

by barefootford

Sets up a Mac for ButterCut. Installs all required dependencies (Homebrew, Ruby, Python, FFmpeg, WhisperX). Use when user says "install buttercut", "set up my mac", "get started", "first time setup", "install dependencies" or "check my installation".

by panaversity

Build AI chat interfaces with custom backends, authentication, and context injection. Use when integrating chat UI with AI agents, adding auth, or injecting user/page context. Covers ChatKitServer, useChatKit, and MCP auth patterns.

by panaversity

Implement OAuth 2.1 / OIDC authentication using Better Auth with MCP assistance. Use when setting up a centralized auth server (SSO provider), implementing SSO clients in Next.js apps, configuring PKCE flows, or managing tokens with JWKS verification. Uses Better Auth MCP for guided setup. NOT when using simple session-only auth without OAuth/OIDC requirements.

by Microck

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

by korallis

Respond to production incidents systematically with triage, investigation, resolution, and post-mortem analysis to minimize downtime and prevent recurrence. Use when handling production outages, triaging incidents, investigating critical bugs, coordinating incident response, implementing hotfixes, conducting post-mortems, or establishing incident response procedures.

by aiskillstore

Allra 백엔드 에러 핸들링 및 예외 처리 표준. Use when handling errors, creating custom exceptions, or implementing error responses.

by aiskillstore

Guide to using Better Auth for client and server-side authentication.

by aiskillstore

Build AI chat interfaces with custom backends, authentication, and context injection.Use when integrating chat UI with AI agents, adding auth to chat, injecting user/page context,or implementing httpOnly cookie proxies. Covers ChatKitServer, useChatKit, and MCP auth patterns.NOT when building simple chatbots without persistence or custom agent integration.

by aiskillstore

执行数学计算，支持基本运算和复杂表达式

by aiskillstore

When the user asks about ClickUp synchronization or syncing roadmaps with ClickUp

by aiskillstore

Validates type consistency across Rust, TypeScript, PostgreSQL boundaries. Use when reviewing code, debugging type mismatches, or validating API contracts. Triggers on: check consistency, validate types, find mismatches, cross-language.

by aiskillstore

Implement OAuth 2.1 / OIDC authentication using Better Auth with MCP assistance. Use when settingup a centralized auth server (SSO provider), implementing SSO clients in Next.js apps, configuringPKCE flows, or managing tokens with JWKS verification. Uses Better Auth MCP for guided setup.NOT when using simple session-only auth without OAuth/OIDC requirements.

by aiskillstore

Process and transform arrays of data with common operations like filtering, mapping, and aggregation

by aiskillstore

Manage environment variables securely. Handles distinction between .env (template) and .env.local (secrets).

by aiskillstore

Create forms, validation schemas, and CRUD API endpoints. Use when building new data entry features or managing existing forms.

by aiskillstore

Verify code quality standards are met - naming, structure, DRY principles. Issues result in SUGGESTIONS for improvement.

by aiskillstore

This skill should be used when the user asks to "add MCP server", "integrate MCP", "configure MCP in plugin", "use .mcp.json", "set up Model Context Protocol", "connect external service", mentions "${CLAUDE_PLUGIN_ROOT} with MCP", or discusses MCP server types (SSE, stdio, HTTP, WebSocket). Provides comprehensive guidance for integrating Model Context Protocol servers into Claude Code plugins for external tool and service integration.

by aiskillstore

Integrate with Replicate AI for running models (image generation, LLMs, etc.).

by aiskillstore

Detect accidentally committed secrets, credentials, and sensitive information in code.

by aiskillstore

Security validation, vulnerability scanning, and compliance checking.

by aiskillstore

Use this skill when implementing security measures or conducting security audits. Provides OWASP Top 10 mitigations, authentication patterns, input validation strategies, and compliance guidelines. Ensures applications are secure against common vulnerabilities.

by aiskillstore

Sets up new projects and generates workflow files like CLAUDE.md, AGENTS.md, Plans.md. Use when user mentions セットアップ, setup, 初期化, initialize, 新規プロジェクト, ワークフローファイル生成. Do NOT load for: 実装作業, レビュー, ビルド検証, デプロイ.

by aiskillstore

Skills for spawning external processes - AI coding agents and generic CLI commands in new terminal windows. Parent skill category for agent and terminal spawning.

by aiskillstore

Auto-escalate reasoning depth for complex problems. Use proactively when encountering architecture, debugging, or unfamiliar code.