Loading...
Loading...
Found 873 Skills
IPA guideline-compliant security diagnostic and review skill for Laravel/React applications. Use when performing security checks during code implementation or review. Diagnoses 11 vulnerability types (SQL injection, XSS, CSRF, etc.), provides safe code examples, and performs checklist-based validation. Works in conjunction with .claude/rules/security/ to provide concrete diagnostic workflows during implementation phases. Triggers when: (1) reviewing code for security vulnerabilities, (2) implementing authentication/authorization, (3) handling user input/output, (4) working with sessions/cookies, (5) processing files or executing commands, (6) creating forms or APIs, (7) performing security audits.
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
Use when building email features, emails going to spam, high bounce rates, setting up SPF/DKIM/DMARC authentication, implementing email capture, ensuring compliance (CAN-SPAM, GDPR, CASL), handling webhooks, retry logic, or deciding transactional vs marketing.
E2E test architecture and patterns with Playwright. Use when designing test suites, structuring Page Object Models, planning CI sharding strategies, setting up authentication flows, or organizing tests with tags and annotations. Use for test architecture, accessibility auditing with axe-core, network mocking strategies, visual regression workflows, HAR replay, and storageState authentication patterns. For Playwright API details, browser automation, or web scraping, use the playwright skill instead.
openfootball (football.json) is a free, open, public domain collection of football (soccer) match data in JSON format. It covers major leagues worldwide including the English Premier League, Bundesliga, La Liga, Serie A, Ligue 1, World Cup, Euro, and Champions League. Use this skill to fetch historical and current season fixtures, results, and scores. No API key or authentication is required.
Comprehensive email marketing knowledge base covering strategy, deliverability, list building, segmentation, automation, copywriting, analytics, and platform selection. Use this skill when helping with anything email marketing related: planning campaigns, building automations, writing copy, analysing metrics, setting up authentication, or advising on ESP selection. This skill reflects the opinions and experience of an expert practitioner, not generic best-practice summaries.
セッション管理の総合窓口。初期化・記憶・状態を一手に引き受けます。Use when managing Claude Code sessions, /session command. Do NOT load for: app user sessions, login state, authentication features.
Use SweetLink to connect your AI agent to a real browser tab. Like Playwright, but works in your current tab. Enables authentication, screenshots, smoke tests, and DevTools telemetry without headless automation.
Adds new users to Cloudflare Access authentication by updating ACCESS_ALLOWED_EMAIL in .env and syncing policies to all protected services. Use when you need to grant access to a new user, add someone to the network, share service access, or update allowed emails. Triggers on "add user to access", "grant access to [email]", "add [email] to cloudflare", "share access with", "allow [email] to authenticate", or "update access users". Works with .env, update-access-emails.sh, and Cloudflare Access policies for pihole, jaeger, langfuse, sprinkler, ha, and temet.ai services.
Generate type-safe API clients, TanStack Query/SWR hooks, Zod schemas, MSW mocks, Hono server handlers, MCP servers, and SolidStart actions from OpenAPI specs using Orval. Covers all clients (React/Vue/Svelte/Solid/Angular Query, Fetch, Axios), custom HTTP mutators, authentication patterns, NDJSON streaming, programmatic API, and advanced configuration.
GitHub Actions workflow authoring for CI/CD pipelines. Covers workflow syntax, triggers, jobs, steps, matrix strategies, caching, artifacts, reusable workflows, composite actions, secrets management, OIDC authentication, and permissions hardening. Use when creating workflows, configuring jobs, setting up caching, or automating releases. Use for github-actions, workflow, ci, cd, actions, jobs, steps, matrix, cache, artifact, secrets, reusable-workflow.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.