Security
2492 skills in Testing & Security > Security
sanitize-git-repo
Guide for sanitizing git repositories by identifying and replacing sensitive information such as API keys, tokens, and credentials. This skill should be used when tasks involve removing secrets from codebases, sanitizing repositories before sharing, or replacing sensitive values with placeholders. Applies to tasks involving secret detection, credential removal, or repository cleanup for security purposes.
filter-js-from-html
Guidance for filtering JavaScript and XSS attack vectors from HTML while preserving original formatting. This skill should be used when tasks involve removing script content, sanitizing HTML, filtering XSS payloads, or creating security filters that must preserve the original document structure unchanged.
action-policy-coder
Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.
feal-linear-cryptanalysis
This skill provides guidance for FEAL cipher linear cryptanalysis tasks. It should be used when recovering encryption keys from FEAL-encrypted data using known plaintext-ciphertext pairs, implementing linear approximation attacks on block ciphers, or solving cryptanalysis challenges involving the FEAL cipher family. The skill emphasizes mathematical analysis over brute-force approaches.
feal-linear-cryptanalysis
Guide for performing linear cryptanalysis attacks on FEAL and similar Feistel ciphers. This skill should be used when tasks involve breaking FEAL encryption, recovering cipher keys using known plaintext-ciphertext pairs, or implementing linear cryptanalysis techniques. Applies to cryptographic challenges mentioning "linear attack," "FEAL," "Feistel cipher analysis," or key recovery from plaintext-ciphertext pairs.
code-review
Perform automated code reviews checking for security vulnerabilities, performance issues, and code quality. Use before creating PRs or when reviewing complex changes.
git-leak-recovery
This skill provides guidance for recovering secrets or sensitive data that have been removed from Git history through operations like reset or rebase, and then properly cleaning up the repository to ensure the data is completely removed. Use this skill when tasks involve finding lost commits, recovering data from Git reflog, or securely removing sensitive information from Git repositories.
ln-360-codebase-auditor
Coordinates 9 specialized audit workers (security, build, architecture, code quality, dependencies, dead code, observability, concurrency, lifecycle). Researches best practices, delegates parallel audits, aggregates results into single Linear task in Epic 0.
ipsw
Apple firmware and binary reverse engineering with the ipsw CLI tool. Use when analyzing iOS/macOS binaries, disassembling functions in dyld_shared_cache, dumping Objective-C headers from private frameworks, downloading IPSWs or kernelcaches, extracting entitlements, analyzing Mach-O files, or researching Apple security. Triggers on requests involving Apple RE, iOS internals, kernel analysis, KEXT extraction, or vulnerability research on Apple platforms.
cloudflare-coder
This skill guides provisioning Cloudflare infrastructure with OpenTofu/Terraform. Use when managing zones, DNS records, WAF rules, SSL settings, Page Rules, or cache configuration.
ln-361-security-auditor
Security audit worker (L3). Scans codebase for hardcoded secrets, SQL injection, XSS, insecure dependencies, missing input validation. Returns findings with severity (Critical/High/Medium/Low), location, effort, and recommendations.
cloud-architect
Use when designing cloud architectures, planning migrations, or optimizing multi-cloud deployments. Invoke for Well-Architected Framework, cost optimization, disaster recovery, landing zones, security architecture, serverless design. Keywords: AWS, Azure, GCP, multi-cloud, cloud migration, cost optimization.
reviewing-code
Performs systematic code review checking for correctness, maintainability, security, and best practices. Activates when user requests review, before creating PRs, or when significant code changes are ready. Ensures quality gates are met before code proceeds to production.
wordpress-pro
Use when developing WordPress themes, plugins, customizing Gutenberg blocks, implementing WooCommerce features, or optimizing WordPress performance and security.
code-reviewer
Use when reviewing pull requests, conducting code quality audits, or identifying security vulnerabilities. Invoke for PR reviews, code quality checks, refactoring suggestions. Keywords: code review, PR review, quality, refactoring, best practices.
dotnet-core-expert
Use when building .NET 8 applications with minimal APIs, clean architecture, or cloud-native microservices. Invoke for Entity Framework Core, CQRS with MediatR, JWT authentication, AOT compilation. Keywords: .NET Core, .NET 8, ASP.NET Core, minimal API, EF Core, CQRS.
political-scientist-analyst
Analyzes events through a political science lens using IR theory (Realism, Liberalism, Constructivism), comparative politics, institutional analysis, and power dynamics. Provides insights on governance, security, regime change, international cooperation, and policy outcomes. Use when: Political events, international crises, elections, regime transitions, policy changes, conflicts. Evaluates: Power distributions, institutional effects, actor interests, strategic interactions, norms.
api-authentication
API authentication patterns including JWT, OAuth 2.0, API keys, and session-based auth. Covers token generation, validation, refresh strategies, security best practices, and when to use each pattern. Use when implementing API authentication, choosing auth strategy, securing endpoints, or debugging auth issues. Prevents common vulnerabilities like token theft, replay attacks, and insecure storage.
laravel-specialist
Use when building Laravel 10+ applications requiring Eloquent ORM, API resources, or queue systems. Invoke for Laravel models, Livewire components, Sanctum authentication, Horizon queues. Keywords: Laravel, Eloquent, PHP 8.2+, API, queues, Livewire, Sanctum, Horizon.
shared-setup-patterns
Shared configuration patterns for project setup commands. Provides security hooks, Claude framework structure templates, and framework detection patterns used across multiple setup commands.