Loading...
Loading...
Found 23 Skills
Review Next.js security audit patterns for App Router and Server Actions. Use for auditing NEXT_PUBLIC_* exposure, Server Action auth, and middleware matchers. Use proactively when reviewing Next.js apps. Examples: - user: "Scan Next.js env vars" → find leaked secrets with NEXT_PUBLIC_ prefix - user: "Audit Server Actions" → check for missing auth and input validation - user: "Review Next.js middleware" → verify matcher coverage for protected routes - user: "Check Next.js API routes" → verify auth in app/api and pages/api - user: "Secure Next.js headers" → audit next.config.js for security headers
Implement Convex authentication and authorization patterns with OIDC providers or Convex Auth. Use for auth provider setup, ctx.auth usage, user identity handling, and auth-aware schema patterns. Use proactively when users mention auth, JWT, Clerk/Auth0/WorkOS, or Convex Auth. Examples: - user: "Add auth to Convex" → choose provider and outline setup - user: "Get current user" → use ctx.auth.getUserIdentity and checks - user: "Service-to-service access" → use shared secret pattern
Apply official brand colors and typography to professional artifacts. Use for presentations, reports, and documents to ensure corporate visual identity. Use proactively when a "client-ready" look-and-feel is requested. Examples: - user: "Brand this report" -> apply corporate colors and fonts - user: "Apply brand guidelines to these slides" -> update colors/fonts in XML - user: "Check if this document is on-brand" -> verify against color/font standards
Create OpenCode plugins using the @opencode-ai/plugin SDK. Use for building custom tools, event hooks, auth providers, or tool execution interception. Use proactively when developing new plugins in .opencode/plugin/ or ~/.config/opencode/plugin/. Examples: - user: "Create a plugin to block dangerous commands" → implement tool execution before hook with blocking logic - user: "Add a custom tool for jira" → design tool schema and implementation using SDK context - user: "Show toast on file edit" → react to file edit events and display status message - user: "Build a custom auth provider" → implement auth flow for new model provider - user: "Intercept git commits" → add hook to validate commit messages before execution
Review FastAPI security audit patterns for dependencies and middleware. Use for auditing auth dependencies, CORS configuration, and TrustedHost middleware. Use proactively when reviewing FastAPI apps. Examples: - user: "Audit FastAPI route security" → check for Depends() and Security() usage - user: "Check FastAPI CORS setup" → verify origins when allow_credentials=True - user: "Review FastAPI middleware" → check TrustedHost and HTTPSRedirect config - user: "Secure FastAPI API keys" → move from query params to header schemes - user: "Scan for FastAPI footguns" → check starlette integration and dependency order
Handle Word document (.docx) creation, editing, and analysis with high-fidelity visual review. Use for professional reports, legal documents, and tracked changes. Use proactively when quality and precise formatting are critical. Examples: - user: "Create a professional report in Word" -> use python-docx with render loops - user: "Draft a legal contract with redlines" -> use ooxml redlining workflow - user: "Extract text from this DOCX while preserving structure" -> use pandoc markdown conversion
Edit opencode.json, AGENTS.md, and config files. Use proactively for provider setup, permission changes, model config, formatter rules, or environment variables. Examples: - user: "Add Anthropic as a provider" → edit opencode.json providers, add API key baseEnv var, verify with opencode run test - user: "Restrict this agent's permissions" → add permission block to agent config, set deny/allow for tools/fileAccess - user: "Set GPT-5 as default model" → edit global or agent-level model preference, verify model name format - user: "Disable gofmt formatter" → edit formatters section, set languages.gofmt.enabled = false
Review Express.js security audit patterns for middleware and routes. Use for auditing Helmet.js, CORS, body-parser limits, and auth middleware. Use proactively when reviewing Express.js apps. Examples: - user: "Secure my Express app" → add Helmet.js and disable x-powered-by - user: "Check Express CORS config" → verify origin allowlists and credentials - user: "Review Express auth middleware" → check route order and coverage - user: "Scan for Express path traversal" → verify path normalization and validation - user: "Audit Express session config" → check secure, httpOnly, and sameSite flags
Maintain repository integrity and documentation. Use for auditing structure, checking config validity, and reviewing inventory. Use proactively to validate the repository or sync documentation. Examples: - user: "Validate the repo" → run audit_repo.py - user: "Check agents" → run audit_repo.py, review errors - user: "Update documentation" → run sync_docs.py - user: "Check for issues" → run full audit
Handle spreadsheet operations (Excel/CSV) with high-fidelity modeling, financial analysis, and visual verification. Use for budget models, data dashboards, and complex formula-heavy sheets. Use proactively when zero formula errors and professional standards are required. Examples: - user: "Build an LBO model" -> create Excel with banking-standard formatting - user: "Analyze this data and create a dashboard" -> use openpyxl + artifact_tool - user: "Verify formulas in this spreadsheet" -> run recalc.py to check for errors
Self-referential completion loop for OpenCode. Re-injects continuation prompts until the task is fully complete with a completion promise.