Loading...
Loading...
Found 233 Skills
NestJS framework best practices and production patterns. Use whenever working with NestJS — creating modules, controllers, services, DTOs, guards, interceptors, pipes, middleware, or building REST/GraphQL/microservice APIs. Also use when setting up authentication, authorization, validation, queues, health checks, WebSockets, caching, or any @nestjs/* package. Even for simple NestJS tasks, this skill ensures correct import paths, proper decorator usage, and production-ready patterns. Covers NestJS v11 with Express v5, native JWT auth, Zod validation, Keyv caching, and Suites testing.
Performs security audits and vulnerability assessments on Ruby on Rails application code. Use when reviewing Rails code for security risks, assessing authentication or authorization, auditing parameter handling, redirects, file uploads, secrets management, or checking for XSS, CSRF, SSRF, SQL injection, and other common vulnerabilities.
Guide first-time Enable Banking API setup and sample flows: Control Panel signup, sandbox application registration, browser-generated private key download, RS256 JWT creation, Authorization header setup, listing ASPSPs, starting AIS authorization, exchanging callback code for a session, fetching balances and transactions, creating a SEPA payment, redirecting the PSU, and checking payment status. Use when Codex needs to onboard a developer quickly or scaffold a minimal working Enable Banking sandbox integration.
CreatiBI CLI Shared Basics: Application configuration initialization, authentication login (auth login), identity check (auth whoami). Triggered when users need to configure for the first time, use login authorization, encounter insufficient permissions, or use cbi-cli for the first time.
Error-to-fix playbook for every known failure mode on the OpenFinance backend — Polymarket, Relay, Hyperliquid, Privy delegation, and Solana RPC issues. Use this the moment a call fails, returns an unexpected status, or behaves inconsistently with on-chain state. Triggers on ANY of these error signatures verbatim or in paraphrase. Polymarket: "allowance: 0 but on-chain shows max", "CLOB reports allowance 0", "approvals confirmed but order rejected", "404 upstream" on market orders, "tick size" rejection, "order size below minimum", USDC.e vs pUSD vs native USDC confusion, V1 vs V2 exchange confusion. Relay: "InstructionFallbackNotFound", "Custom:101", "Custom:6000", "AnchorError", "Blockhash not found", "TransactionExpired", "No valid authorization signatures were provided", "Solana wallet is not delegated to the app", 412 delegation errors, quote succeeded but execute failed, stuck funds on Solana, stuck funds cross-chain, topupGas forced off. Hyperliquid: "Insufficient perp account value", "price out of bounds", WebSocket stale data, spot vs perp balance confusion. General: any "why is X failing", "why does on-chain and API state disagree", "what does this error mean". Read this BEFORE assuming a bug in the MCP or backend — most of these errors are already catalogued with known fixes.
Debug ASP.NET Core and .NET applications with systematic diagnostic approaches. This skill covers troubleshooting dependency injection container errors, middleware pipeline issues, Entity Framework Core query problems, configuration binding failures, authentication/authorization issues, and startup failures. Includes Visual Studio and VS Code debugging, dotnet-trace, dotnet-dump, dotnet-counters tools, Serilog configuration, Application Insights integration, and four-phase debugging methodology.
A dedicated skill for security code review of OpenHarmony distributed systems. Triggered when users make requests such as "review code security implementation", "code security audit", "security code review" or similar distributed system code security review requests. This skill provides detailed review guidance for 18 security design rules for OpenHarmony distributed services, covering security areas such as authorization control, state machines, data transmission, permission management, and trusted relationships. Using this skill, you can conduct specialized security reviews for OpenHarmony distributed systems based on general cybersecurity rules.
Review board/stockholder resolutions for corporate authority, quorum, securities authorization, and execution. Triggers: (1) 'check resolutions' → checklist review, (2) 'advise' / 'review' → full consultation with playbook, (3) 'generate' / 'template' → Skala templates URL. Jurisdiction: Delaware, USA.
Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.
Use this agent when you need to perform security audits, vulnerability assessments, or security reviews of code. This includes checking for common security vulnerabilities, validating input handling, reviewing authentication/authorization implementations, scanning for hardcoded secrets, and ensuring OWASP compliance. <example>Context: The user wants to ensure their newly implemented API endpoints are secure before deployment.\nuser: "I've just finished implementing the user authentication endpoints. Can you check them for security issues?"\nassistant: "I'll use the security-sentinel agent to perform a comprehensive security review of your authentication endpoints."\n<commentary>Since the user is asking for a security review of authentication code, use the security-sentinel agent to scan for vulnerabilities and ensure secure implementation.</commentary></example> <example>Context: The user is concerned about potential SQL injection vulnerabilities in their database queries.\nuser: "I'm worried about SQL inj...
Implement secure authentication bridge between Better Auth (Next.js frontend) and FastAPI (Python backend) using JWKS JWT token verification. Use this skill when users need to (1) Integrate Better Auth with FastAPI backend, (2) Implement JWT authentication with JWKS verification, (3) Set up user isolation and authorization in FastAPI endpoints, (4) Configure frontend to send authenticated API requests, or (5) Troubleshoot Better Auth + FastAPI authentication issues.
Audit access control implementations for security vulnerabilities and misconfigurations. Use when reviewing authentication and authorization. Trigger with 'audit access control', 'check permissions', or 'validate authorization'.