Loading...
Loading...
Found 99 Skills
Expert knowledge for building, configuring, and operating GooseRelayVPN — a SOCKS5 VPN that tunnels raw TCP through Google Apps Script to a VPS exit server using AES-256-GCM encryption and domain fronting.
Configure TLS certificates and encryption for secure communications. Use when setting up HTTPS, securing service-to-service connections, implementing mutual TLS (mTLS), or debugging certificate issues.
OAuth 2.1, JWT (RFC 8725), encryption, and authentication security expert. Enforces 2026 security standards.
Handles sensitive data securely in Terraform. Use when managing passwords, API keys, database credentials, encryption keys, or other secrets. Covers Google Secret Manager integration, preventing secrets in state, IAM-based secret access, encryption, and security best practices.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.
Manages environment variables and secrets securely with encryption, rotation, and provider integration. Use when users request "secrets management", "environment variables", "API keys", "credentials storage", or "secret rotation".
This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.
Security best practices and threat mitigation patterns for PACT framework development. Use when: implementing authentication or authorization, handling API credentials, integrating external APIs, processing sensitive data (PII, financial, health), reviewing code for vulnerabilities, or enforcing SACROSANCT security rules. Triggers on: security audit, credential handling, OWASP, auth flows, encryption, data protection, backend proxy pattern, frontend credential exposure.
Use this skill when implementing encryption, hashing, TLS configuration, JWT tokens, or key management. Triggers on encryption, hashing, bcrypt, AES, RSA, TLS certificates, JWT signing, HMAC, key rotation, digital signatures, and any task requiring cryptographic implementation or protocol selection.
Use when handling authentication, authorization, encryption, HIPAA compliance, SOC 2, privacy policies, penetration testing, or any security and compliance concerns
Use when building Rails features that handle personal data, adding encryption to models, implementing consent flows, building DSAR endpoints, or adding anonymization/pseudonymization. Also use when reviewing code for compliance with privacy laws like GDPR and LGPD, or when asked about privacy-by-design patterns in Rails.
GDPR compliance implementation. Data subject rights (access, deletion, portability), consent management, data processing records, PII handling, and privacy by design patterns. USE WHEN: user mentions "GDPR", "data privacy", "right to be forgotten", "data deletion", "consent management", "PII", "data subject request", "privacy policy", "cookie consent" DO NOT USE FOR: authentication - use auth skills; encryption - use `cryptography`; audit logging - use `audit-logging`