Loading...
Loading...
Found 228 Skills
Security patterns and OWASP guidelines. Triggers on: security review, OWASP, XSS, SQL injection, CSRF, authentication, authorization, secrets management, input validation, secure coding.
Implement Convex authentication and authorization patterns with OIDC providers or Convex Auth. Use for auth provider setup, ctx.auth usage, user identity handling, and auth-aware schema patterns. Use proactively when users mention auth, JWT, Clerk/Auth0/WorkOS, or Convex Auth. Examples: - user: "Add auth to Convex" → choose provider and outline setup - user: "Get current user" → use ctx.auth.getUserIdentity and checks - user: "Service-to-service access" → use shared secret pattern
iOS 16+ Screen Time engineering skill for FamilyControls, ManagedSettings, ManagedSettingsUI, ScreenTime, and DeviceActivity/DeviceActivityMonitor extension workflows. Use for app and website blocking, custom shields, shield action handling, schedule-based enforcement, onboarding authorization flows, usage analytics reports, entitlement setup, App Review readiness, debugging, and production hardening.
OAuth 2.0 and OpenID Connect authentication with secure flows. Use for third-party integrations, SSO systems, token-based API access, or encountering authorization code flow, PKCE, token refresh, scope management errors.
Security best practices for Convex functions including ConvexError handling, argument/return validation, authentication helpers, access control, rate limiting, and internal functions. Use when writing public queries/mutations/actions, implementing authentication, adding authorization checks, handling errors, or reviewing Convex functions for security.
This skill should be used when the user asks about "authentication in Next.js", "NextAuth", "Auth.js", "middleware auth", "protected routes", "session management", "JWT", "login flow", or needs guidance on implementing authentication and authorization in Next.js applications.
TypeScript authentication framework (framework-agnostic). Features: email/password, OAuth (Google, GitHub, Discord), 2FA (TOTP, SMS), passkeys/WebAuthn, session management, RBAC, rate limiting, database adapters. Actions: implement, configure, secure authentication systems. Keywords: Better Auth, authentication, authorization, OAuth, email/password, 2FA, MFA, TOTP, passkeys, WebAuthn, session management, RBAC, rate limiting, database adapter, TypeScript auth, social login, Google auth, GitHub auth, Discord auth, email verification, password reset. Use when: implementing TypeScript auth, adding OAuth providers, setting up 2FA/MFA, managing sessions, configuring RBAC, building secure auth systems.
Security best practices and threat mitigation patterns for PACT framework development. Use when: implementing authentication or authorization, handling API credentials, integrating external APIs, processing sensitive data (PII, financial, health), reviewing code for vulnerabilities, or enforcing SACROSANCT security rules. Triggers on: security audit, credential handling, OWASP, auth flows, encryption, data protection, backend proxy pattern, frontend credential exposure.
Read, write, and query Apple Health data using HealthKit. Covers HKHealthStore authorization, sample queries, statistics queries, statistics collection queries for charts, saving HKQuantitySample data, background delivery, workout sessions with HKWorkoutSession and HKLiveWorkoutBuilder, HKUnit, and HKQuantityTypeIdentifier values. Use when integrating with Apple Health, displaying health metrics, recording workouts, or enabling background health data delivery.
Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.
Feishu Plugin Troubleshooting Tool. Includes frequently asked questions (FAQ) and in-depth diagnostic command (/feishu_doctor). FAQs can be accessed at any time. The diagnostic command is used to troubleshoot complex issues (such as repeated authorization failures, unresolved automatic authorization, etc.), which checks account configuration, API connectivity, application permissions, user authorization status, and generates detailed diagnostic reports and solutions.
AWS API Gateway for REST and HTTP API management. Use when creating APIs, configuring integrations, setting up authorization, managing stages, implementing rate limiting, or troubleshooting API issues.