Loading...
Loading...
Found 228 Skills
Implement, review, or improve maps and location features in iOS/macOS apps using MapKit and CoreLocation. Use when working with Map views, annotations, markers, polylines, user location tracking, geocoding, reverse geocoding, search/autocomplete, directions and routes, geofencing, region monitoring, CLLocationUpdate async streams, or location authorization flows. Also use when working with maps, coordinates, addresses, places, directions, distance calculations, or location-based features in Swift apps.
MUST be used whenever reviewing a Dune app for security issues, or before shipping any feature that handles credentials, user input, or external data. Do NOT skip this when the user asks for a security review, security audit, or vulnerability check — run every step in order. Triggers: security, security review, security audit, vulnerability, XSS, injection, credentials, secrets, auth, authentication, authorization, token, sensitive data, input validation, CORS, CSP, dependency audit.
Embed and troubleshoot Enable Banking UI Widgets for terms consent, ASPSP selection, and auth flow in web applications. Use when Codex needs to load the Enable Banking widgets library, render `enablebanking-consent`, `enablebanking-aspsp-list`, or `enablebanking-auth-flow`, wire widget events into React/TanStack/Hono flows, handle sandbox/custom origins, whitelist widget origins, or choose between redirect and no-redirect authorization UX.
MUST be used whenever fixing security issues in a Flows app, or before shipping any feature that handles credentials, user input, or external data. This skill finds AND fixes security problems — it does not just report them. Do NOT skip this when the user asks for a security fix, security hardening, or vulnerability remediation — run every step in order. Triggers: security, security fix, security hardening, vulnerability, XSS, injection, credentials, secrets, auth, authentication, authorization, token, sensitive data, input validation, CORS, CSP, dependency audit.
Amazon Ads Store Authorization and Management Skill, providing complete capabilities including authorization process, query of bound accounts and sites, token refresh and reading. When initiating an authorization link, you must first confirm an account name with the user; a single authorization can automatically discover and bind all available ad profiles under the same account (each site corresponds to one profileId). This skill is triggered when the user mentions terms such as Amazon Ads authorization, binding ad accounts, refreshing ad tokens, querying profile lists, managing authorized ad accounts, or English terms like Amazon Advertising authorization, Ads token refresh, list profiles, ad account management. Even if "Amazon Ads" or "authorization" is not explicitly mentioned, it should be triggered as long as it involves Amazon Ads account binding, access token management, or ad profile list query.
Use for Roblox OAuth 2.0 work: registering an OAuth app, choosing confidential versus public client flows, implementing authorization code flow with PKCE, handling authorization callbacks and token refresh safely, selecting minimal scopes for Open Cloud access, and troubleshooting OAuth-specific auth failures.
Use when securing Spring Boot API endpoints with JWT Bearer token validation, scope-based authorization, or DPoP proof-of-possession - integrates com.auth0:auth0-springboot-api SDK for REST APIs receiving access tokens from frontends or mobile apps. Triggers on Auth0AuthenticationFilter, Spring Boot API auth, JWT validation, SecurityFilterChain, hasAuthority SCOPE.
Backend development specialist covering API design, database integration, microservices architecture, and modern backend patterns. Use when user asks about API design, REST or GraphQL endpoints, server implementation, authentication, authorization, middleware, or backend service architecture. Do NOT use for database-specific schema design or query optimization (use moai-domain-database instead) or frontend implementation (use moai-domain-frontend instead).
World-class backend engineering - distributed systems, database architecture, API design, and the battle scars from scaling systems that handle millions of requestsUse when "backend, api, database, postgres, mysql, mongodb, redis, graphql, rest, authentication, authorization, caching, queue, background job, webhook, migration, transaction, n+1, rate limit, server, node.js, python, go, backend, api, database, architecture, performance, reliability, security" mentioned.
Role-based access control (RBAC) with permissions and policies. Use for admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, or encountering permission hierarchies, role inheritance, policy conflicts.
Authentication and authorization patterns. Use when implementing login flows, JWT tokens, session management, password security, OAuth 2.1, Passkeys/WebAuthn, or role-based access control.
Security engineering that protects applications, data, and users from real-world threatsUse when "security, authentication, authorization, encryption, OWASP, vulnerability, XSS, SQL injection, CSRF, secrets, password, JWT, OAuth, permissions, audit, compliance, security, authentication, authorization, encryption, vulnerabilities, OWASP, compliance, audit" mentioned.