Security
2492 skills in Testing & Security > Security
auth
Implements authentication and payment features using Clerk, Supabase Auth, or Stripe. Use when user mentions ログイン (login), 認証 (authentication), auth, authentication, Clerk, Supabase, 決済 (payment), payment, Stripe, 課金 (billing), サブスクリプション (subscription). Do NOT load for: general UI creation, database design, non-authentication features.
review
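Reviews code for quality, security, performance, and accessibility issues. Use when user mentions レビュー (review), review, コードレビュー (code review), セキュリティ (security), パフォーマンス (performance), 品質チェック (quality check), セルフレビュー (self-review), PR, diff, 変更確認 (change verification). Do NOT load for: implementation work, new feature development, bug fixing, setup.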
authentication-patterns
Authentication patterns for external services: API keys, OAuth, token management, verification. Triggers: authentication, API keys, OAuth, token management, credentials. Use when: integrating external services or implementing authentication flows.
security-practices
Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.
hook-authoring
Complete guide for writing Claude Code and SDK hooks with security-first design. Triggers: hook creation, hook writing, PreToolUse, PostToolUse, UserPromptSubmit, tool validation, logging hooks, context injection, workflow automation. Use when: creating new hooks for tool validation, logging operations for audit, injecting context before prompts, enforcing project-specific workflows, preventing dangerous operations in production. DO NOT use when: logic belongs in core skill - use Skills instead. DO NOT use when: complex multi-step workflows needed - use Agents instead. DO NOT use when: behavior better suited for custom tool. Use this skill BEFORE writing any hook. Check even if unsure.
hooks-eval
Detailed hook evaluation framework for Claude Code and Agent SDK hooks. Triggers: hook audit, hook security, hook performance, hook compliance, SDK hooks, hook evaluation, hook benchmarking, hook vulnerability. Use when: auditing existing hooks for security vulnerabilities, benchmarking hook performance, implementing hooks using Python SDK, understanding hook callback signatures, validating hooks against compliance standards. DO NOT use when: deciding hook placement - use hook-scope-guide instead. DO NOT use when: writing hook rules from scratch - use hookify instead. DO NOT use when: validating plugin structure - use validate-plugin instead. Use this skill BEFORE deploying hooks to production.
precommit-setup
Configure pre-commit hooks for code formatting, linting, and security checks
rust-review
Expert-level Rust audits covering ownership, concurrency, unsafe blocks, traits, and Cargo dependencies. Triggers: Rust review, ownership analysis, borrowing, unsafe audit, concurrency, Cargo dependencies, lifetime annotations, trait bounds. Use when: reviewing Rust code, auditing unsafe blocks, analyzing ownership patterns, scanning Cargo dependencies for security. DO NOT use when: general code review without Rust - use unified-review. DO NOT use when: performance profiling - use parseltongue:python-performance pattern. Use this skill for Rust-specific code audits.
secure-coding
Incorporating security at every step of software development – writing code that defends against vulnerabilities and protects user data.
reviewing-security
OWASP API Security Top 10 (2023) and Rust security best practices. Vulnerability detection. Use when: asked about security, vulnerabilities, OWASP, authentication, authorization, or auditing.
backend-queries
Write secure, optimized database queries using parameterized queries, eager loading to prevent N+1 problems, and strategic indexing for performance. Use this skill when writing SQL queries, ORM queries, database interactions, or optimizing data fetching logic. Apply when working with query files, repository patterns, data access layers, SQL statements, ORM methods (ActiveRecord, Sequelize, Prisma queries), JOIN operations, WHERE clauses, preventing SQL injection, implementing eager loading or includes, adding query timeouts, wrapping operations in transactions, or caching expensive queries. Use for any task involving database reads, writes, complex queries, query optimization, or data fetching performance.
creating-claude-hooks
Use when creating or publishing Claude Code hooks - covers executable format, event types, JSON I/O, exit codes, security requirements, and PRPM package structure
claude-hook-writer
Expert guidance for writing secure, reliable, and performant Claude Code hooks - validates design decisions, enforces best practices, and prevents common pitfalls
creating-kiro-agents
Use when building custom Kiro AI agents or when user asks for agent configurations - provides JSON structure, tool configuration, prompt patterns, and security best practices for specialized development assistants
global-validation
Implement comprehensive validation with server-side enforcement, client-side UX feedback, early failure, specific error messages, allowlists over blocklists, type checking, input sanitization, and consistent validation across all entry points. Use this skill when implementing validation logic in forms, API endpoints, data models, user inputs, or any data processing. Apply when validating form inputs, API request parameters, database model fields, implementing client-side validation for user experience, enforcing server-side validation for security, sanitizing user input to prevent injection attacks, checking data types and formats, validating business rules, or providing field-specific error messages. Use for any task involving input validation, data integrity checks, security validation, or user input processing.
patch-diff-analyzer
Specialized in reverse-engineering compiled binaries (JARs, DLLs). Use this when the user asks to compare versions, find security fixes, or analyze binary patches.
narsil
Use narsil-mcp code intelligence tools effectively. Use when searching code, finding symbols, analyzing call graphs, scanning for security vulnerabilities, exploring dependencies, or performing static analysis on indexed repositories.
security-checklist
Comprehensive security checklist covering OWASP Top 10, input validation, authentication, and secure coding practices. Use for security audits and reviews.
huggingface-tokenizers
Fast tokenizers optimized for research and production. Rust-based implementation tokenizes 1GB in <20 seconds. Supports BPE, WordPiece, and Unigram algorithms. Train custom vocabularies, track alignments, handle padding/truncation. Integrates seamlessly with transformers. Use when you need high-performance tokenization or custom tokenizer training.
api-security-testing
API security testing guide covering OWASP API Security Top 10, JWT attacks, OAuth vulnerabilities, GraphQL security, and API fuzzing techniques.