Loading...
Loading...
Found 100 Skills
IPA guideline-compliant security diagnostic and review skill for Laravel/React applications. Use when performing security checks during code implementation or review. Diagnoses 11 vulnerability types (SQL injection, XSS, CSRF, etc.), provides safe code examples, and performs checklist-based validation. Works in conjunction with .claude/rules/security/ to provide concrete diagnostic workflows during implementation phases. Triggers when: (1) reviewing code for security vulnerabilities, (2) implementing authentication/authorization, (3) handling user input/output, (4) working with sessions/cookies, (5) processing files or executing commands, (6) creating forms or APIs, (7) performing security audits.
Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.
Manage App Store Connect code signing resources using the `asc` CLI tool. Use this skill when: (1) Managing bundle identifiers — register, list, or delete (`asc bundle-ids`) (2) Managing signing certificates — create from CSR, list, or revoke (`asc certificates`) (3) Registering or listing test devices (`asc devices`) (4) Managing provisioning profiles — create, list, or delete (`asc profiles`) (5) Setting up the full code signing chain for CI/CD pipelines (6) User says "set up signing", "create a profile", "register my device", "revoke cert", "list certificates", "create bundle id", or any code-signing related task
Audit de sécurité couvrant l'authentification, l'injection SQL, l'exposition de secrets, le CSRF et les vulnérabilités du Top 10 OWASP.
Use when initializing a new Vite + React (CSR) project or when an existing Vite React project needs missing configuration (ESLint, Prettier, TanStack Query, React Router, Zustand, Tailwind CSS, VSCode, Cursor, Antigravity settings, path aliases).
Web application security expert. OWASP Top 10, XSS, SQLi, CSRF, SSRF, authentication bypass, IDOR. Use for web app security testing.
Use when you need to design, review, or improve security in Micronaut applications — including micronaut-security authentication, @Secured and intercept-url-map rules, JWT/session strategies, SecurityService checks, CORS, CSRF awareness for browser apps, rejection handlers, and sensitive-data-safe logging. This should trigger for requests such as Add Micronaut security support; Review Micronaut security configuration; Improve API authorization in Micronaut; Add JWT security in Micronaut; Harden Micronaut route authorization rules. Part of cursor-rules-java project
Security best practices for web applications. Use when handling user input, authentication, or sensitive data. Covers XSS, SQL injection, CSRF, environment variables, and secure coding patterns.
Authentication and security patterns for EFT-Tracker using NextAuth. Covers password reset, session management, CSRF protection, and security reviews. Activates when user mentions: auth, authentication, password, NextAuth, session, security, login, logout, CSRF, rate limit, token, JWT.
Security audit checklist based on OWASP Top 10 and best practices. Covers authentication, injection, XSS, CSRF, secrets management, and more. Use when reviewing security, before deploy, asking "is this secure", "security check", "vulnerability".
This skill should be used when the user asks to "explain security concept", "what is OWASP", "explain this finding", "what does this vulnerability mean", "explain stride", "explain injection", "what is CSRF", "explain spoofing", "what does INJ-003 mean", "compare stride vs pasta", or asks any question about security terminology, frameworks, vulnerability categories, or specific findings. Works at framework, category, finding, and comparison levels.
Load PROACTIVELY when task involves user identity, login, or access control. Use when user says "add authentication", "set up login", "add OAuth", "protect these routes", "implement RBAC", or "add sign-up". Covers session management, JWT tokens, OAuth2 flows, password reset, email verification, protected route middleware, role-based access control, and security hardening (CSRF, rate limiting, token rotation).