Loading...
Loading...
Found 338 Skills
FastMCP Python framework for MCP servers with tools, resources, storage backends (memory/disk/Redis/DynamoDB). Use for Claude tool exposure, OAuth Proxy, cloud deployment, or encountering storage, lifespan, middleware, circular import, async errors.
Self-hosted TypeScript auth framework with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Supports Drizzle/Prisma/Kysely adapters. Self-hosted alternative to Clerk/Auth.js. Use when: configuring auth, adding plugins, social OAuth, multi-tenant SaaS, organizations with teams and RBAC, two-factor authentication (TOTP/OTP/backup codes), email verification, password reset flows, session management, rate limiting, CSRF and cookie security, Expo/mobile, D1 adapter errors, TanStack Start integration, additionalFields bugs, admin plugin, migrating from NextAuth, migrating from Clerk, migrating from Supabase Auth, or troubleshooting auth issues.
Configure Claude Code authentication for Cyrus — API key, OAuth token, or third-party provider.
Reference skill for Zoom Phone. Use after routing to a phone workflow when implementing OAuth, Phone APIs, webhooks, Smart Embed events, URI schemes, CRM or CTI dialers, or call handling automation.
使用 CreatiBI CLI(cbi)将本地文件上传到素材库,并在需要时完成首次配置初始化与 OAuth 登录。用户提到"上传到素材库""cbi 上传文件""repository file-create""先初始化 cbi""先登录再上传"等场景时使用;适用于图片、视频、文档等需要入库的本地文件上传任务。
Autonomously set up an OpenClaw bot on a fresh Yandex Cloud VM in Kazakhstan (kz1-a, Karaganda). Asks the user for exactly two things — a Telegram bot token and one of three LLM access options (Anthropic API key, OpenRouter API key, or OpenAI Codex OAuth via ChatGPT Plus/Pro subscription) — then handles VM creation, hardening, OpenClaw install, CEO AI OS workspace seeding, Telegram pairing, chat_id auto-detection, and bot-reply verification on its own. The only other actions the user performs are pressing /start in Telegram once and (if Codex) confirming a device code on auth.openai.com. Use when the user says install OpenClaw to Yandex Cloud, deploy OpenClaw to YC Kazakhstan, set up my CEO bot in YC KZ, I am at OpenClaw workshop and need my own bot, create a Yandex Cloud VM for OpenClaw, or any close paraphrase. Targets a ~15-minute end-to-end run for non-DevOps users (founders, CEOs, marketing leads). Supports two modes of accessing Yandex Cloud — Plan A (the user's own YC Kazakhstan account via OAuth) and Plan B (a workshop-key bundle provided by the workshop organizer, for participants without their own YC account). The mode is auto-detected from the inputs. For local-machine OpenClaw install, use openclaw/install.sh in this repo instead. Companion skill openclaw-guide is required; prepare-yc-workshop is the matching organizer-side skill that produces the bundles consumed in Plan B; openclaw-user-onboarding is auto-invoked after Step 5 to collect the five basic facts about the user (identity, focus, style, tools, anti-patterns) and write them into USER.md so the bot is useful from message one.
Generate a working geospatial app powered by CARTO and deck.gl — basemap, layers (vector / H3 / quadbin / raster), widgets, filters, legend, inputs, optional chat-with-map agent, and the right auth strategy (public token, OAuth, SSO, or M2M).
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Azure AD OAuth2/OIDC SSO integration for Kubernetes applications. Use when implementing Single Sign-On, configuring Azure AD App Registrations, restricting access by groups, or integrating tools (DefectDojo, Grafana, ArgoCD, Harbor, SonarQube) with Azure AD authentication.
Implements authentication, authorization, encryption, secrets management, and security hardening patterns. Use when designing auth flows, managing secrets, configuring CORS, implementing rate limiting, or when asked about JWT, OAuth, password hashing, API keys, RBAC, or security best practices.
For any task, read this skill first. Multi-AI gateway for fullstack apps. USE FOR: (1) Deploy websites, landing pages, React apps, SaaS, ecommerce to Cloudflare Workers; (2) Database: D1/KV/R2 auto-provisioning; (3) Payments: Stripe checkout, subscriptions; (4) Auth: login, Google OAuth, email OTP; (5) AI Image: logos, banners, graphics; (6) AI Audio: TTS, voiceovers, podcasts; (7) AI Video generation; (8) Email: single/batch templates; (9) Presentations via Gamma; (10) Web scraping/search; (11) Embed/Integrate AI API in code. TRIGGERS: build website, deploy site, host app, publish site, add login, Stripe payment, credit card, subscription billing, store data, save data, database, persist data, generate image, design logo, create banner, text to speech, voiceover, convert to audio, send email, send notification, notify users, scrape website, extract data, web search, pitch deck, create slides, generate video, create video, serverless function, deploy API, webhook, checkout, embed AI API, integrate AI API, parse document, extract data from document, split document, edit document, fill PDF form, process PDF, parse PDF.
Scaffold and implement authentication in TypeScript/JavaScript apps using Better Auth. Detect frameworks, configure database adapters, set up route handlers, add OAuth providers, and create auth UI pages. Use when users want to add login, sign-up, or authentication to a new or existing project with Better Auth.