Security

Structured workflow for co-authoring documentation, specs, proposals, and decision docs. Use when user wants to write docs, create specs, draft proposals, or similar structured content.

Complete WordPress white-labeling using FREE plugins only - ASE, Branda, White Label CMS, Admin Menu Editor. Covers login page branding, admin cleanup, security hardening, and client handoff preparation.

Master-level fullstack software engineering with deep backend expertise. Use when building production-grade APIs, database architectures, authentication systems, microservices, or any backend-heavy application. Triggers on: (1) API design and implementation, (2) Database schema design and optimization, (3) Authentication/authorization systems, (4) System architecture decisions, (5) Performance optimization, (6) Error handling and logging, (7) Testing strategies, (8) DevOps and deployment, (9) Security hardening.

Performs intelligent compliance audits for software projects. Automatically detects which regulatory frameworks (GDPR, HIPAA, PCI-DSS, CCPA, SOC 2) apply based on project analysis and user context. Provides tiered reports with executive summaries and detailed technical findings. Use when the user asks about compliance, regulatory requirements, security standards, data protection, or wants to audit their codebase for legal/regulatory adherence.

Express.js server best practices including middleware, error handling, and security.

Review security risks and mitigations for remote WebF content (untrusted bundles, URL allowlists, HTTPS, trust boundaries, clickjacking). Use when the user mentions untrusted remote bundles, bundle URL validation/allowlists, or remote updates risk.

IoT network traffic analyzer for detecting IoT protocols and identifying security vulnerabilities in network communications. Use when you need to analyze network traffic, identify IoT protocols, or assess network security of IoT devices.

Use when implementing Bitcoin wallet features - provides complete architecture for on-chain Bitcoin transactions, UTXO management, address derivation from Nostr keys, and transaction handling with proper security patterns

Scans codebases and dependencies for known vulnerabilities and security issues

Google Cloud Platform configuration templates for BigQuery ML and Vertex AI training with authentication setup, GPU/TPU configs, and cost estimation tools. Use when setting up GCP ML training, configuring BigQuery ML models, deploying Vertex AI training jobs, estimating GCP costs, configuring cloud authentication, selecting GPUs/TPUs for training, or when user mentions BigQuery ML, Vertex AI, GCP training, cloud ML setup, TPU training, or Google Cloud costs.

Pipeline architecture, stage design, security for CI/CD

Implement Electron desktop app patterns for PhotoVault bulk uploader. Use when working with main/renderer process communication, chunked uploads, preload scripts, protocol handlers, or auto-updater. Includes security patterns and memory management for large file uploads.

Implement authentication, authorization, data protection, vulnerability checks, and security best practices. Use when adding authentication, protecting API endpoints, handling user data, or implementing security features.

Analyze, update, and manage Python dependencies in pyproject.toml, checking for version compatibility, security vulnerabilities, and suggesting upgrades.

Use when you need to plan technical solutions that are scalable, secure, and maintainable.

Generate comprehensive API documentation for REST, GraphQL, WebSocket APIs with OpenAPI specs, endpoint descriptions, request/response examples, error codes, authentication guides, and SDKs. USE WHEN user says 'viết document API', 'tạo API docs', 'generate API documentation', 'document REST endpoints', hoặc cần tạo technical reference cho developers.

Universal security checklist based on OWASP Top 10 for ANY project type or language. Use before deploying to production, handling sensitive data, or processing user input.

Implements authentication and authorization for Rust backend services using JWT, password hashing, sessions, and middleware patterns. Use when building auth systems, implementing login/logout, protecting routes, hashing passwords, or working with JWT tokens in Axum/Tower applications.

Authorization patterns including RBAC and ABAC. Use when implementing access control.

Meta-skill for selecting correct WorldCrafter skill. Use when unclear which skill to use, request maps to multiple skills, need to orchestrate skills, user asks for guidance, or ambiguous requests need clarification. Provides decision trees and trigger matching for feature-builder (complete features with forms), database-setup (tables/migrations/RLS), test-generator (add tests), route-creator (simple pages/APIs), auth-guard (authentication/authorization), ai-assistant (AI generation/suggestions/consistency), visualization (maps/timelines/graphs), and chatgpt-setup (MCP integration). Do NOT use when request clearly maps to one skill or trigger phrases clearly indicate specific skill.