Loading...
Loading...
Found 179 Skills
This skill should be used when auditing code for security issues, reviewing authentication/authorization, evaluating input validation, analyzing cryptographic usage, or reviewing dependency security. Provides OWASP patterns, CWE analysis, and threat modeling guidance.
Provides comprehensive KeyCloak administration guidance including realm management, user/group administration, client configuration, authentication flows, identity brokering, authorization policies, security hardening, and troubleshooting. Covers SSO configuration, SAML/OIDC setup, role-based access control (RBAC), user federation (LDAP/AD), social login integration, multi-factor authentication (MFA), and high availability deployments. Use when configuring KeyCloak, setting up SSO, managing realms and clients, troubleshooting authentication issues, implementing RBAC, or when users mention "KeyCloak", "SSO", "OIDC", "SAML", "identity provider", "IAM", "authentication flow", "user federation", "realm configuration", or "access management".
General-purpose security auditing guide. Covers OWASP Top 10, dependency vulnerabilities, authentication, authorization, input validation, and secret management. Use this when performing a security review or audit.
Comprehensive guide for Google Apps Script development covering all built-in services (SpreadsheetApp, DocumentApp, GmailApp, DriveApp, CalendarApp, FormApp, SlidesApp), triggers, authorization, error handling, and performance optimization. Use when automating Google Sheets operations, creating Google Docs, managing Gmail/email, working with Google Drive files, automating Calendar events, implementing triggers (time-based, event-based), building custom functions, creating add-ons, handling OAuth scopes, optimizing Apps Script performance, working with UrlFetchApp for API calls, using PropertiesService for persistent storage, or implementing CacheService for temporary data. Covers batch operations, error recovery, and JavaScript ES6+ runtime.
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user authorization. Trigger keywords: "IDOR", "access control", "authorization", "Django permissions", "object permissions", "tenant isolation", "broken access".
iOS 16+ Screen Time engineering skill for FamilyControls, ManagedSettings, ManagedSettingsUI, ScreenTime, and DeviceActivity/DeviceActivityMonitor extension workflows. Use for app and website blocking, custom shields, shield action handling, schedule-based enforcement, onboarding authorization flows, usage analytics reports, entitlement setup, App Review readiness, debugging, and production hardening.
Writes Pest feature tests for Laravel HTTP controllers using repeatable controller-test patterns across web/session and API/JSON flows. Activates when creating or updating controller tests, nested resource route tests at any depth, CRUD action tests (create, destroy, edit, index, show, store, update), authorization and route-binding scope checks, validation datasets, transport-specific response assertions, and database persistence assertions.
OAuth 2.0 and OpenID Connect authentication with secure flows. Use for third-party integrations, SSO systems, token-based API access, or encountering authorization code flow, PKCE, token refresh, scope management errors.
IPA guideline-compliant security diagnostic and review skill for Laravel/React applications. Use when performing security checks during code implementation or review. Diagnoses 11 vulnerability types (SQL injection, XSS, CSRF, etc.), provides safe code examples, and performs checklist-based validation. Works in conjunction with .claude/rules/security/ to provide concrete diagnostic workflows during implementation phases. Triggers when: (1) reviewing code for security vulnerabilities, (2) implementing authentication/authorization, (3) handling user input/output, (4) working with sessions/cookies, (5) processing files or executing commands, (6) creating forms or APIs, (7) performing security audits.
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
Create, read, and manage Feishu tasks with automatic user authorization. Use when you need to create tasks that your user can directly edit, read task lists, manage task details, or check calendar events. Supports automatic token refresh and persistence across sessions. All operations are performed with user identity, ensuring proper permissions.
Guide for building SumUp payment integrations that cover both terminal (card-present) and online (card-not-present) checkout flows using SumUp SDKs and APIs. Use when implementing or debugging SumUp checkout creation, payment processing, reader pairing, Card Widget integrations, Cloud API reader checkouts, or authorization setup with API keys/OAuth and Affiliate Keys.