Security
2492 skills in Testing & Security > Security
auth-system-design
Authentication system design and implementation guidance with Python examples using strict typing. Use when: (1) Designing authentication flows (signup, login, logout, refresh), (2) Selecting between session vs token-based auth, (3) Designing JWT structure and claims, (4) Implementing OAuth 2.0 flows, (5) Setting up multi-service authentication patterns, (6) Creating password reset and email verification flows, (7) Implementing role-based access control (RBAC), (8) Creating security checklists for auth systems, (9) Planning frontend/backend auth integration. All examples follow Python typing standards and security best practices.
supabase-artifact-connection
Connect Supabase databases to Claude Desktop artifacts with authentication and read-only queries using native fetch API.
security-patterns
Elixir-specific security patterns, OWASP mitigations, and compliance best practices
mydetailarea-integrations
Third-party integration connectors for MyDetailArea. Implements secure API integrations with accounting software (QuickBooks, Xero), CRM systems, inventory management, payment processors, and webhooks. Includes OAuth flows, API authentication, rate limiting, error handling, and data synchronization patterns. Use when connecting external systems or building API integrations.
security-review
A specialist skill for security reviews, threat modeling, and remediation guidance. Use for auth/permissions changes, secrets or PII handling, public endpoints, or dependency upgrades.
supabase-operations
Supabase operational knowledge for migrations, RLS optimization, MCP tool benchmarks, and ADR-003 compliance. Use when validating database migrations, optimizing Row-Level Security policies, checking MCP tool performance, or ensuring Supabase operational standards. Triggers on: migration validation, RLS patterns, Supabase benchmarks, ADR-003, database state tracking, schema governance.
analyzing-crypto-weakness
Identifies weak cryptographic algorithms, hardcoded keys, and insecure key management practices in binary code. Use when analyzing encryption/decryption, authentication mechanisms, or reviewing cryptographic implementations.
global-error-handling
Implement proper error handling patterns for n8n nodes using NodeApiError and NodeOperationError classes. Use this skill when writing try-catch blocks in execute methods, handling HTTP errors, validating parameters, parsing API error responses, implementing continueOnFail logic, writing actionable error messages, or handling errors in trigger nodes. Apply when working with external API calls, authentication errors, rate limiting, or any error scenarios in n8n node development.
typescript-security-checker
Next.js/TypeScriptプロジェクト向けセキュリティ診断スキル。OWASP準拠。以下の場合に使用:(1) PRレビュー時のセキュリティチェック(2) API Routes のセキュリティ検証(3) 認証・認可ロジックの確認(4) 依存パッケージの脆弱性確認(5) 環境変数・シークレット管理の確認
lucia
Implements session-based authentication with Lucia Auth library for server-side session management and cookie handling. Use when building custom authentication, session management, or when user mentions Lucia, server-side auth, or session cookies.
opa-policy-templates
OPA Gatekeeper policy templates overview. 20 production-ready constraint templates for pod security, image validation, RBAC, and resource governance.
rn-security-audit
Security audit skill for React Native applications. Use when reviewing code for vulnerabilities, detecting leaked secrets (API keys, tokens, credentials), identifying exposed personal data (PII), checking insecure storage, validating authentication flows, reviewing network security, and ensuring compliance with mobile security best practices (OWASP MASVS). Covers both JavaScript/TypeScript and native iOS/Android code.
api-design-development
Master REST and GraphQL API design, authentication, security, error handling, documentation, and deployment. Learn HTTP semantics, resource modeling, rate limiting, versioning strategies, and build production-grade APIs serving millions of requests.
fastapi
FastAPI - Modern Python web framework for building APIs with automatic validation, documentation, and async support. Use for API routes, dependency injection, Pydantic models, middleware, and authentication.
pr-comment-analysis
Extract, consolidate, and prioritize all comments from GitHub Pull Requests for systematic code review. Fetches both inline review comments and general PR conversation, then analyzes and organizes them by priority (critical bugs/security, design improvements, style nitpicks). Use when working with PR reviews, consolidating feedback from multiple reviewers, or creating action plans from review comments.
env-manager
Environment variable validation, security scanning, and management for Next.js, Vite, React, and Node.js applications
rest-best-practices
RESTful principles, versioning, security, rate limiting, and documentation.
impact-analysis
コード変更の影響範囲分析スキル。変更が引き起こし得る影響を影響面(code/interface/data/external/config/runtime/security/observability)ごとに整理し、「どこをレビューし、何をテストし、何を観測すべきか」を根拠つきで提示する。トリガー条件:- 「影響範囲を分析して」「この変更の影響は?」「どこまで波及する?」- PRレビュー依頼時、リファクタ/仕様変更時- 障害対応で「原因箇所の周辺影響」を確認したい時注意: 変更の是非の最終判断は行わない。実行時にしか分からない挙動は推定と不確実性を提示する。
database-schema-architect
Expert guidance for designing, optimizing, and maintaining database schemas for SQL and NoSQL systems. Use when creating new databases, optimizing existing schemas, planning migrations, implementing security policies, or ensuring GDPR compliance. Covers normalization, indexing, data types, relationships, performance optimization, and audit logging.
security-sentinel
Use when working with authentication, API routes, user input, or sensitive data. Audits code for security vulnerabilities based on OWASP Top 10. Critical for payment processing, auth systems, and data handling.