Loading...
Loading...
Found 1,591 Skills
Expert MCP (Model Context Protocol) server developer creating safe, performant, production-ready servers with proper security, error handling, and developer experience. Activate on 'create MCP', 'MCP server', 'build MCP', 'custom tool server', 'MCP development', 'Model Context Protocol'. NOT for using existing MCPs (just invoke them), general API development (use backend-architect), or skills/agents without external state (use skill-coach/agent-creator).
Security vulnerability scanner and OWASP compliance auditor for codebases. Dependency scanning (npm audit, pip-audit), secret detection (high-entropy strings, API keys), SAST for injection/XSS vulnerabilities, and security posture reports. Activate on 'security audit', 'vulnerability scan', 'OWASP', 'secret detection', 'dependency check', 'CVE', 'security review', 'penetration testing prep'. NOT for runtime WAF configuration (use infrastructure tools), network security/firewalls, or compliance certifications like SOC2/HIPAA (legal/organizational).
Better Auth — framework-agnostic TypeScript authentication & authorization library. Covers setup, email/password, social OAuth (40+ providers), passkeys, magic links, 2FA, organizations, sessions, plugins, admin, hooks, and security hardening. Use when implementing auth with Better Auth: configuring auth instances, adding providers, setting up database adapters (Prisma, Drizzle, PostgreSQL, MySQL, SQLite, MongoDB), integrating with frameworks (Next.js, Nuxt, SvelteKit, Astro, Hono, Express, Elysia, Fastify, Expo), managing sessions, or extending with plugins.
Generates technical implementation plans and architectural strategies that enforce the Project Constitution. Use when designing new features, starting implementation tasks, refactoring code, or ensuring compliance with critical standards like Testability-First Architecture, security mandates, testing strategies, and error handling.
Validate authentication mechanisms for security weaknesses and compliance. Use when reviewing login systems or auth flows. Trigger with 'validate authentication', 'check auth security', or 'review login'.
Penetration Test Planner - Auto-activating skill for Security Advanced. Triggers on: penetration test planner, penetration test planner Part of the Security Advanced skill category.
Password Hash Generator - Auto-activating skill for Security Fundamentals. Triggers on: password hash generator, password hash generator Part of the Security Fundamentals skill category.
Run Spectral to lint OpenAPI and AsyncAPI specs for security issues. Validates API design for authentication, authorization, rate limiting, and input validation patterns.
Configure perform API fuzzing to discover edge cases, crashes, and security vulnerabilities. Use when performing specialized testing. Trigger with phrases like "fuzz the API", "run fuzzing tests", or "discover edge cases".
Analyze session management implementations to identify security vulnerabilities in web applications. Use when you need to audit session handling, check for session fixation risks, review session timeout configurations, or validate session ID generation security. Trigger with phrases like "check session security", "audit session management", "review session handling", or "session fixation vulnerability".
Implement security best practices for Gamma integration. Use when securing API keys, implementing access controls, or auditing Gamma security configuration. Trigger with phrases like "gamma security", "gamma API key security", "gamma secure", "gamma credentials", "gamma access control".
Implement security best practices for Evernote integrations. Use when securing API credentials, implementing OAuth securely, or hardening Evernote integrations. Trigger with phrases like "evernote security", "secure evernote", "evernote credentials", "evernote oauth security".