Loading...
Loading...
Found 1,591 Skills
This skill provides comprehensive knowledge for implementing Cloudflare Turnstile, the CAPTCHA-alternative bot protection system. It should be used when integrating bot protection into forms, login pages, signup flows, or any user-facing feature requiring spam/bot prevention. Turnstile runs invisible challenges in the background, maintaining excellent user experience while blocking automated traffic. Use when: Adding bot protection to forms, implementing login security, protecting API endpoints from abuse, migrating from reCAPTCHA/hCaptcha, encountering CSP errors with Turnstile, handling token validation failures, implementing E2E tests with Turnstile, integrating with React/Next.js/Hono applications, or debugging error codes 100*, 300*, 600*. Keywords: turnstile, captcha, bot protection, cloudflare challenge, siteverify, recaptcha alternative, spam prevention, form protection, cf-turnstile, turnstile widget, token validation, managed challenge, invisible challenge, @marsidev/react-turnstile, hono turnstile, workers turnstile
Senior Backend Architect for Convex.dev (2026). Specialized in reactive database design, type-safe full-stack synchronization, and hardened authorization patterns. Expert in building low-latency, real-time applications using Convex v2+ features like RLS (Row Level Security), HTTP Actions, File Storage, and advanced indexing.
Identify security vulnerabilities and anti-patterns providing feedback on security issues a senior developer would catch. Use when user mentions security/vulnerability/safety concerns, code involves user input/authentication/data access, working with sensitive data (passwords/PII/financial), code includes SQL queries/file operations/external API calls, user asks about security best practices, or security-sensitive files are being modified (auth, payment, data access).
Docker and Docker Compose optimization. Multi-stage builds, security, debugging.
Start code reviews, PR checks, or bug analysis. Triggers: "review my code", "check this PR", "analyze for bugs", "code review". Do NOT use for: - Automating fixes (use `ask-python-refactor`). - Generating new features. Capabilities: - Static analysis: Correctness, Security, Performance, Style. - Feedback priority: Critical > Performance > Style.
Software supply chain security guidance covering SBOM generation, SLSA framework, dependency scanning, SCA tools, and protection against supply chain attacks like dependency confusion and typosquatting.
GitHub Actions workflow security, performance optimization, and best practices
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use PROACTIVELY for any Cloudflare development task.
Supabase Row Level Security policies. Use when creating RLS policies, securing tables, or implementing multi-tenant data isolation.
Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection.
Multi-Model Collaboration — Invoke gemini-agent and codex-agent for auxiliary analysis **Trigger Scenarios** (Proactive Use): - In-depth code analysis: algorithm understanding, performance bottleneck identification, architecture sorting - Large-scale exploration: 5+ files, module dependency tracking, call chain tracing - Complex reasoning: solution evaluation, logic verification, concurrent security analysis - Multi-perspective decision-making: requiring analysis from different angles before comprehensive judgment **Non-Trigger Scenarios**: - Simple modifications (clear changes in 1-2 files) - File searching (use Explore or Glob/Grep) - Read/write operations on known paths **Core Principle**: You are the decision-maker and executor, while external models are consultants.
Framework for assessing IT service providers, technology vendors, and third-party partners. Creates structured risk assessments across financial, operational, compliance, security, and reputational dimensions with regulatory checklists (GDPR, DORA, NIS2, SOX). Use when: (1) Evaluating new vendors or technology providers, (2) Conducting third-party risk assessments for procurement, (3) Performing critical vendor due diligence for regulatory compliance, (4) Creating vendor onboarding documentation, (5) Establishing ongoing vendor monitoring processes, (6) Assessing vendor concentration risk, or (7) Generating executive-level vendor risk reports.