Security
2492 skills in Testing & Security > Security
solidity-security
Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
ibkr-gateway-api
Use when working in mm-ibkr-gateway to access market data, account summary, positions, PnL, or orders via the REST API (FastAPI). Covers starting the API server, required env and safety settings, authentication with X-API-Key, and market/account/order endpoints for quote, historical bars, preview, place, status, cancel, and open orders.
android-owasp-security-reviewer
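Performs a security review of an Android app against the OWASP Mobile Top 10 2024 and MASVS (Mobile Application Security Verification Standard) and generates a Markdown report. Use when: (1) a security audit or review of an Android app is requested (2) the keywords "security check", "vulnerability assessment", "OWASP", or "MASVS" appear (3) a code review of an Android project needs a security perspective (4) evaluating the security of financial or medical apps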
github-cli
Wrapper for GitHub CLI (gh) in Claude.ai. Covers installation, authentication, and common operations like pushing files, creating branches, PRs, issues, and releases.
keycloak-admin
Keycloak administration including realm management, client configuration, OAuth 2.0 setup, user management with custom attributes, role and group management, theme deployment, and token configuration. Activate for Keycloak Admin API operations, authentication setup, and identity provider configuration.
env-manager
Environment variable validation, security scanning, and management for Next.js, Vite, React, and Node.js applications. Use when validating environment configurations, preventing exposed secrets, or implementing framework-aware environment variable management.
supabase-operations
Supabase operational knowledge for migrations, RLS optimization, MCP tool benchmarks, and ADR-003 compliance. Use when validating database migrations, optimizing Row-Level Security policies, checking MCP tool performance, or ensuring Supabase operational standards. Triggers on: migration validation, RLS patterns, Supabase benchmarks, ADR-003, database state tracking, schema governance.
github-actions
Create, evaluate, and optimize GitHub Actions workflows and custom actions. Use when building CI/CD pipelines, creating workflow files, developing custom actions, troubleshooting workflow failures, performing security analysis, optimizing performance, or reviewing GitHub Actions best practices. Covers Ruby/Rails, TypeScript/Node.js, Heroku and Fly.io deployments.
react-native-storage-manager
Handles MMKV storage operations and data persistence patterns with encryption. Use when implementing data persistence, caching, or user preferences in Fitness Tracker App.
wolf-workflows
Workflow templates for orchestrating multi-agent development processes (feature, security, bugfix)
security
Security fundamentals and best practices
ideation
Transform vague ideas into concrete, validated project concepts. Clarifies problem statements, identifies target users, ruthlessly scopes MVPs, challenges assumptions, and documents vision in PLANNING.md, TASK.md, and AI_MEMORY.md.
iot-siemens-plc
Build robust IoT solutions for Siemens PLCs using S7 protocol and OPC UA. Includes connection management, data reading/writing, error handling, security best practices, real-time monitoring, alarm handling, and production-ready wrappers for Python (snap7, asyncua) and Node.js (node-s7, node-opcua). Use when integrating with Siemens S7-300/400/1200/1500 PLCs, implementing SCADA systems, building industrial automation, monitoring production lines, or creating IoT gateways.
doc-coauthoring
Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.
npmrc-config
NPM registry configuration template (.npmrc.template) and validation logic for GitHub Packages authentication with pnpm hoisting settings. Includes 4 critical standards (GitHub Package Registry config with token placeholder, pnpm hoisting for monorepo compatibility, exact version management, security documentation). Use when creating or auditing .npmrc.template files to prevent token leakage.
ui-ux-design-advisor
Analyzes existing project structure and design system, then provides contextually relevant UI/UX design options with visual descriptions. Helps users choose layouts, color schemes, component patterns, and interactions that integrate seamlessly with their current codebase. Activates for any UI, design, frontend, or visual-related development questions.
chatgpt-mcp-apps-kit
Guide for implementing ChatGPT Apps using OpenAI Apps SDK. Use when building MCP servers with interactive UI components that integrate with ChatGPT, including widget runtime, authentication, state management, and deployment to the ChatGPT platform.
mimir
Guide for implementing Grafana Mimir - a horizontally scalable, highly available, multi-tenant TSDB for long-term storage of Prometheus metrics. Use when configuring Mimir on Kubernetes, setting up Azure/S3/GCS storage backends, troubleshooting authentication issues, or optimizing performance.
security-environment-standards
Security and environment configuration standards for web applications, including environment variable management, secure coding practices, and production deployment security. Use when setting up environments, configuring security, or deploying applications.
core
Max - Your AI system core. AUTO-LOADS at session start. USE WHEN any session begins OR user asks about PAI identity, response format, stack preferences, security protocols, or delegation patterns.