Security
2492 skills in Testing & Security > Security
review-pr
Review pull requests for code quality, security, and best practices. Use when the user says "review PR", "review pull request", "check this PR", "PR review", or provides a PR number or URL to review.
fedramp-rev5-expert
FedRAMP Rev 5 authorization expert. Provides guidance on traditional authorization paths, SSP/SAP/SAR/POA&M documentation, NIST 800-53 Rev 5 control implementation, and 3PAO assessment preparation.
security-protocols
🛡️ Comprehensive security management for festivals including crowd control, threat assessment, emergency response, and staff coordination.
auth-comprehensive
Production-grade authentication & authorization covering JWT, cookies, sessions, hashing, MFA, OAuth2, RBAC, and permissions across all frameworks (Next.js, Express.js, FastAPI, Django, Spring, etc.). Includes intelligent pattern selection, Better Auth integration, email verification, social login, token revocation, permission management, and 10+ years security expertise. Use when implementing authentication, authorization, user management, MFA, OAuth integration, or securing APIs in any framework.
security-audit
Scans code for security vulnerabilities, hardcoded secrets, and unsafe patterns in React Native and Expo applications. Use before merging sensitive changes or as part of a regular audit.
code-quality-guardian
Expert code reviewer that enforces best practices, clean code principles, strong typing (TypeScript), architecture guidelines, and security standards. Reviews PRs and code snippets for bugs, code smells, anti-patterns, maintainability risks, performance issues, and security vulnerabilities. Use when reviewing pull requests, analyzing code quality, conducting code audits, or improving TypeScript/JavaScript codebases.
zrok
Share local services publicly or privately via secure tunnels. Use when needing to expose localhost ports, share dev servers, create public URLs for local services, or set up secure tunnels between machines.
uptick-ci-patterns
This skill should be used when the user asks to "set up CI", "configure GitHub Actions", "create a workflow", "pin actions", "use ratchet", "set up Claude code review", "configure AWS OIDC", "deploy with tickforge", or mentions GitHub Actions, CI/CD pipelines, or workflow security. Provides Uptick's security-first GitHub Actions patterns.
security-scanning-suite
Comprehensive security analysis including SAST, DAST, dependency scanning, secret detection, and vulnerability assessment. Use for security audits, CVE tracking, compliance checks, and preventing vulnerabilities from reaching production. Supports multiple languages and frameworks.
docker-reviewer
WHEN: Dockerfile review, multi-stage builds, layer optimization, docker-compose
WHAT: Image optimization + Layer caching + Security scanning + Compose best practices + Build efficiency
WHEN NOT: Kubernetes → k8s-reviewer, Terraform → terraform-reviewer
fedramp-20x-expert
FedRAMP 20X modernization expert. Provides guidance on Key Security Indicators (KSIs), continuous monitoring automation, machine-readable policies, and the new automated authorization approach. Auto-syncs with official FedRAMP docs.
audit-agent
Comprehensive security and code quality audit. Use for thorough security, vulnerability, and code quality analysis. Related: project-health-checker for quick diagnostic checks.
contract-patterns
Common Solidity design patterns and implementations for secure smart contract development. Use when implementing standard functionality like access control, upgradeability, or token standards.
mobile-blockchain-specialized
Expert in Mobile Development (iOS, Android, React Native, Flutter), Blockchain, Game Development, Git, Full-Stack, QA, Product Management, Technical Writing, DevRel, and Cyber Security. Build modern applications and master specialized tech roles.
lms-auth
LMS authentication system including SSO integration, useAuthReady hook patterns, four-layer security architecture, and permission checking. Use this skill when implementing auth flows, handling user sessions, fixing auth-related bugs, or understanding role-based access control.
code-reviewer
Performs comprehensive code reviews with customizable checklists, identifying bugs, security issues, performance problems, and style violations
qa-security-scan
Security scanning templates and checklists for OWASP Top 10, authentication, authorization, data protection. Use when conducting security testing or vulnerability assessment.
This skill provides comprehensive security testing:
- OWASP Top 10 checklist with remediation
- Authentication and authorization testing
- Data protection verification
- Security report generation
- Integration with Codex CLI MCP for automated scanning
Triggers: "security scan", "vulnerability check", "OWASP", "security test", "セキュリティスキャン", "脆弱性チェック", "セキュリティテスト"
docker-containers
Master Docker containerization, image building, optimization, and container registry management. Learn containerization best practices and image security.
hybrid-cloud-networking
Configure secure, high-performance connectivity between on-premises infrastructure and cloud platforms using VPN and dedicated connections. Use when building hybrid cloud architectures, connecting data centers to cloud, or implementing secure cross-premises networking.
az-aks-agent
Azure AKS Agentic CLI - AI-powered troubleshooting and insights tool for Azure Kubernetes Service. Use when diagnosing AKS cluster issues, getting cluster health insights, troubleshooting networking/storage/security problems, or analyzing cluster configuration with natural language queries.