Loading...
Loading...
Found 1,327 Skills
OWASP security guidelines and Top 10 vulnerabilities USE WHEN: user mentions "OWASP", "security audit", "vulnerability scan", asks about "injection", "XSS", "CSRF", "access control", "authentication security" DO NOT USE FOR: OWASP Top 10:2025 specific - use `owasp-top-10` instead
This skill should be used when the user asks to "set up authentication", "add login", "add logout", "configure Entra ID", "set up Azure AD auth", "add Microsoft login", "enable authentication", "set up sign in", "add role-based access", "add authorization", "protect routes", "add auth to my site", "configure identity provider", or wants to set up authentication (login/logout via Microsoft Entra ID) and role-based authorization for their Power Pages code site.
Troubleshoot and resolve issues with Azure Messaging SDKs for Event Hubs and Service Bus. Covers connection failures, authentication errors, message processing issues, and SDK configuration problems. WHEN: event hub SDK error, service bus SDK issue, messaging connection failure, AMQP error, event processor host issue, message lock lost, message lock expired, lock renewal, lock renewal batch, send timeout, receiver disconnected, SDK troubleshooting, azure messaging SDK, event hub consumer, service bus queue issue, topic subscription error, enable logging event hub, service bus logging, eventhub python, servicebus java, eventhub javascript, servicebus dotnet, event hub checkpoint, event hub not receiving messages, service bus dead letter, batch processing lock, session lock expired, idle timeout, connection inactive, link detach, slow reconnect, session error, duplicate events, offset reset, receive batch.
Use when making design decisions, implementing HIG patterns, Liquid Glass, SF Symbols, typography, or structuring app entry points and authentication flows.
.NET and ASP.NET Core security patterns. Covers Identity, authentication, dependency auditing, secure coding practices, and OWASP for .NET ecosystem. USE WHEN: user works with "C#", ".NET", "ASP.NET Core", "Entity Framework", asks about ".NET vulnerabilities", "NuGet security", ".NET authentication", "Blazor security" DO NOT USE FOR: general OWASP concepts - use `owasp` or `owasp-top-10` instead, Java/Python security - use language-specific skills
Identifies and exploits SQL injection vulnerabilities in web applications during authorized penetration tests using manual techniques and automated tools like sqlmap. The tester detects injection points through error-based, union-based, blind boolean, and time-based blind techniques across all major database engines (MySQL, PostgreSQL, MSSQL, Oracle) to demonstrate data extraction, authentication bypass, and potential remote code execution. Activates for requests involving SQL injection testing, SQLi exploitation, database security assessment, or injection vulnerability verification.
Work with the DatoCMS CLI tool (datocms) for command-line migrations, schema type generation, direct one-off CMA calls, typed one-off TypeScript CMA scripts, environment operations, deployment workflows, and multi-project profile syncing. Use when users ask for datocms CLI commands or scripts such as migrations:new, migrations:run, schema:generate, cma:call, cma:docs, cma:script (for ad-hoc typed TypeScript scripts with ambient client/Schema globals), migration scaffolding for models/fields/blocks, CLI setup with datocms.config.json and profiles, OAuth authentication (login, logout, whoami), discovering accessible projects (projects:list), project linking (link, unlink), environment commands (list/fork/promote/rename/destroy), maintenance-mode toggling, CI/CD migration pipelines, blueprint/client project sync, imports from WordPress or Contentful (including assets/content), and CLI plugin management (plugins:install, plugins:add, plugins:available, plugins:link for local plugin development, plugins:remove, plugins:update, plugins:reset, plugins:inspect).
Diagnose and fix MCP server connection issues between Claude Code, Claude Desktop, and MCP servers. Covers Windows argument parsing, authentication failures, transport issues, and platform-specific debugging. Use when Claude Code or Claude Desktop fails to connect to an MCP server, when MCP tools don't appear in sessions, on "cannot attach the server" errors, when a working connection has stopped, or when setting up MCP on a new machine.
Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks, and common attack vectors with browser-based validation.
Guides structured security log analysis across authentication, network, endpoint, and cloud audit log sources. Auto-invoked when the user shares log data, asks about suspicious events, needs help interpreting Windows Event IDs or Linux auth logs, or is establishing baselines for anomaly detection. Produces log source taxonomy, anomaly identification, baseline recommendations, and correlation findings mapped to MITRE ATT&CK v16 techniques.
Interact with the Infisical REST API to manage secrets, projects, environments, machine identities, and more. Supports secret CRUD operations, machine identity authentication, pagination, and rate limiting on cloud deployments.
SSH/Server Operation Assistant. Used for tasks such as remote servers, user@host, SSH configuration, upload and download, deployment, bastion host, tunnel, port forwarding, server command execution, etc.; takes the Host alias in ~/.ssh/config as the only server list, prioritizes key authentication, and encapsulates OpenSSH operations through the Python scripts of this skill.