Found 266 Skills
Security engineering that protects applications, data, and users from real-world threats. Use when "security, authentication, authorization, encryption, OWASP, vulnerability, XSS, SQL injection, CSRF, secrets, password, JWT, OAuth, permissions, audit, compliance, security, authentication, authorization, encryption, vulnerabilities, OWASP, compliance, audit" mentioned.
Implement secure authentication bridge between Better Auth (Next.js frontend) and FastAPI (Python backend) using JWKS JWT token verification. Use this skill when users need to (1) Integrate Better Auth with FastAPI backend, (2) Implement JWT authentication with JWKS verification, (3) Set up user isolation and authorization in FastAPI endpoints, (4) Configure frontend to send authenticated API requests, or (5) Troubleshoot Better Auth + FastAPI authentication issues.
Audit access control implementations for security vulnerabilities and misconfigurations. Use when reviewing authentication and authorization. Trigger with 'audit access control', 'check permissions', or 'validate authorization'.
Run Spectral to lint OpenAPI and AsyncAPI specs for security issues. Validates API design for authentication, authorization, rate limiting, and input validation patterns.
Implement alarm and countdown timer features using Apple's AlarmKit framework (iOS 26+ / iPadOS 26+). Covers AlarmManager for scheduling alarms and timers, AlarmAttributes and AlarmPresentation for Lock Screen and Dynamic Island UI, AlarmButton for stop/snooze actions, authorization flows, alarm state observation, and Live Activity integration. Use when building wake-up alarms, countdown timers with system UI, or alarm-style notifications that surface on the Lock Screen and Dynamic Island.
Use this skill when designing backend systems, databases, APIs, or services. Triggers on schema design, database migrations, indexing strategies, distributed systems architecture, microservices, caching, message queues, observability setup, logging, metrics, tracing, SLO/SLI definition, performance optimization, query tuning, security hardening, authentication, authorization, API design (REST, GraphQL, gRPC), rate limiting, pagination, and failure handling patterns. Acts as a senior backend engineering advisor for mid-level engineers leveling up.
Generate integration tests for ASP.NET Core ABP Framework application services and HTTP APIs. Use when the user requests integration tests, end-to-end tests, API tests, or wants to verify ABP framework integration points (repositories, authorization, validation, multi-tenancy, unit-of-work, data filters). Trigger even if the user just says "add tests" for an ApplicationService — ask if they want unit or integration tests.
Access research-grade sensor data using SensorKit. Use when reading ambient light levels, accelerometer data, rotation rates, device usage patterns, keyboard metrics, or media events for approved research studies. Requires SensorKit entitlement and research study authorization.
Access Apple Card, Apple Cash, and Wallet financial data using FinanceKit. Use when querying transaction history, reading account balances, accessing Wallet orders, requesting financial data authorization, or building personal finance features that integrate with Apple's financial services.
MUST be used whenever reviewing a Dune app for security issues, or before shipping any feature that handles credentials, user input, or external data. Do NOT skip this when the user asks for a security review, security audit, or vulnerability check — run every step in order. Triggers: security, security review, security audit, vulnerability, XSS, injection, credentials, secrets, auth, authentication, authorization, token, sensitive data, input validation, CORS, CSP, dependency audit.
Error-to-fix playbook for every known failure mode on the OpenFinance backend — Polymarket, Relay, Hyperliquid, Privy delegation, and Solana RPC issues. Use this the moment a call fails, returns an unexpected status, or behaves inconsistently with on-chain state. Triggers on ANY of these error signatures verbatim or in paraphrase. Polymarket: "allowance: 0 but on-chain shows max", "CLOB reports allowance 0", "approvals confirmed but order rejected", "404 upstream" on market orders, "tick size" rejection, "order size below minimum", USDC.e vs pUSD vs native USDC confusion, V1 vs V2 exchange confusion. Relay: "InstructionFallbackNotFound", "Custom:101", "Custom:6000", "AnchorError", "Blockhash not found", "TransactionExpired", "No valid authorization signatures were provided", "Solana wallet is not delegated to the app", 412 delegation errors, quote succeeded but execute failed, stuck funds on Solana, stuck funds cross-chain, topupGas forced off. Hyperliquid: "Insufficient perp account value", "price out of bounds", WebSocket stale data, spot vs perp balance confusion. General: any "why is X failing", "why does on-chain and API state disagree", "what does this error mean". Read this BEFORE assuming a bug in the MCP or backend — most of these errors are already catalogued with known fixes.
MUST be used whenever fixing security issues in a Flows app, or before shipping any feature that handles credentials, user input, or external data. This skill finds AND fixes security problems — it does not just report them. Do NOT skip this when the user asks for a security fix, security hardening, or vulnerability remediation — run every step in order. Triggers: security, security fix, security hardening, vulnerability, XSS, injection, credentials, secrets, auth, authentication, authorization, token, sensitive data, input validation, CORS, CSP, dependency audit.