Loading...
Loading...
Found 173 Skills
Advanced Vite 7+ patterns including Environment API, plugin development, SSR configuration, library mode, and build optimization. Use when customizing build pipelines, creating plugins, or configuring multi-environment builds.
HTTP Host header injection and routing abuse playbook. Use when the application trusts the Host header for generating URLs, routing requests, or access control — enabling password reset poisoning, web cache poisoning, SSRF via routing, and virtual host bypass.
Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection.
TanStack Start (RC) full-stack React with server functions, SSR, Cloudflare Workers. Use for Next.js migration, edge rendering, or encountering hydration, auth, data pattern errors.
Step-by-step guide for setting up Better Auth authentication with Convex and TanStack Start. This skill should be used when configuring authentication in a Convex + TanStack Start project, troubleshooting auth issues, or implementing sign up/sign in/sign out flows. Covers installation, environment variables, SSR authentication, route handlers, and the expectAuth pattern.
Evaluates Next.js routes and outputs optimal revalidate settings, cache tags for ISR, SSR configurations, or streaming patterns. This skill should be used when optimizing Next.js caching strategies, configuring Incremental Static Regeneration, planning cache invalidation, or choosing between SSR/ISR/SSG. Use for Next.js caching, revalidation, ISR, cache tags, on-demand revalidation, or rendering strategies.
使用 @aptx/api-plugin-csrf 添加 CSRF 保护。触发条件:当代码需要在请求中添加 CSRF token、配置 cookie/header 名称、处理 SSR/Node 环境的 cookie 读取、或使用 createCsrfMiddleware 时使用。
TanStack Query v5 expert guidance - migration gotchas (v4→v5 breaking changes), performance pitfalls (infinite refetch loops, staleness traps), and decision frameworks (when NOT to use queries, SWR vs React Query trade-offs). Use when: (1) debugging v4→v5 migration errors (gcTime, isPending, throwOnError), (2) infinite refetch loops, (3) SSR hydration mismatches, (4) choosing between React Query vs SWR vs fetch, (5) optimistic update patterns not working. NOT for basic setup (see official docs). Focuses on non-obvious decisions and patterns that cause production issues. Triggers: React Query, TanStack Query, v5 migration, refetch loop, stale data, SSR hydration, query invalidation, optimistic updates debugging.
Choose and implement effector-storage persistence patterns for Effector apps. Use when tasks involve persist/createPersist usage, selecting adapters (local/session/query/broadcast/storage/asyncStorage/memory/nil/log), configuring clock/pickup/context/keyPrefix, validating data with contracts, handling done/fail/finally flows, SSR-safe adapter fallback with either, or debugging sync and serialization issues.
This skill should be used when the user asks to "create a Supabase table", "write RLS policies", "set up Supabase Auth", "create Edge Functions", "configure Storage buckets", "use Supabase with Next.js", "migrate API keys", "implement row-level security", "create database functions", "set up SSR auth", or mentions 'Supabase', 'RLS', 'Edge Function', 'Storage bucket', 'anon key', 'service role', 'publishable key', 'secret key'. Automatically triggers when user mentions 'database', 'table', 'SQL', 'migration', 'policy'.
Technical SEO audit with GEO-specific checks — crawlability, indexability, security, performance, SSR, and AI crawler access
This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP cloud environments. It covers understanding the shared responsibility model for testing scope, leveraging cloud-specific attack tools like Pacu and ScoutSuite, exploiting IAM misconfigurations, testing for SSRF to cloud metadata services, and reporting findings aligned to MITRE ATT&CK Cloud matrix.