Loading...
Loading...
Found 2,248 Skills
Elasticsearch and Elastic APM integration with Serilog structured logging for .NET applications. Use when: (1) Implementing or configuring Serilog with Elasticsearch sink, (2) Setting up Elastic APM with data streams and authentication, (3) Creating logging extension methods in Infrastructure layer, (4) Enriching logs with app-name and app-type properties, (5) Configuring log levels and environment-specific logging, (6) Questions about logging security (PII, credentials), or (7) Troubleshooting observability and monitoring setup.
Security architecture and threat modeling. OWASP Top 10 analysis, security pattern implementation, vulnerability assessment, and security review for code and infrastructure.
Enterprise-grade NestJS development guidance for building modular, testable Node.js backends with TypeScript. Covers module design, dependency injection, validation, security, performance, and deployment.
Modern authentication implementation for 2026 - passkeys (WebAuthn), OAuth (Google, Apple), magic links, and cross-device sync. Use for passwordless-first authentication, social login setup, Supabase Auth, Next.js auth flows, and multi-factor authentication. Activate on "passkeys", "WebAuthn", "Google Sign-In", "Apple Sign-In", "magic link", "passwordless", "authentication", "login", "OAuth", "social login". NOT for session management without auth (use standard JWT docs), authorization/RBAC (use security-auditor), or API key management (use api-architect).
Configure perform API fuzzing to discover edge cases, crashes, and security vulnerabilities. Use when performing specialized testing. Trigger with phrases like "fuzz the API", "run fuzzing tests", or "discover edge cases".
Sails.js framework patterns for The Boring JavaScript Stack - actions, helpers, routes, policies, hooks, configuration, security, middleware, file uploads, deployment, and more. Use this skill when building, reviewing, or debugging any server-side code in a Sails.js application.
DigitalOcean Droplets, Linux server security, Nginx, and UFW.
Security analysis, vulnerability assessment, and security code reviews
Node.js backend patterns: framework selection, layered architecture, TypeScript, validation, error handling, security, production deployment. Use when building REST APIs, Express/Fastify servers, microservices, or server-side TypeScript.
Review React/TypeScript code for bugs, security vulnerabilities, performance issues, accessibility gaps, and CLAUDE.md workflow compliance. Enforces TypeScript strict mode, GPU-accelerated animations, WCAG AA accessibility, bundle size limits, and surgical simplicity. Use when completing features, before commits, or reviewing pull requests.
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.
This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.