Loading...
Loading...
Found 69 Skills
Choose optimal Next.js rendering strategy (SSR, SSG, ISR, CSR) based on content type, update frequency, and performance requirements. Use when deciding how to render pages, optimizing performance, or implementing data fetching. Trigger words include "rendering", "SSR", "SSG", "ISR", "static", "server-side".
Security patterns and OWASP guidelines. Triggers on: security review, OWASP, XSS, SQL injection, CSRF, authentication, authorization, secrets management, input validation, secure coding.
Authentication and security patterns for EFT-Tracker using NextAuth. Covers password reset, session management, CSRF protection, and security reviews. Activates when user mentions: auth, authentication, password, NextAuth, session, security, login, logout, CSRF, rate limit, token, JWT.
Frontend-focused code review skill for React/TypeScript/Tailwind projects. Analyzes code quality, security vulnerabilities (XSS, CSRF), performance issues, accessibility (WCAG), React best practices, hooks usage, component architecture, responsive design, and SEO. Use when users request code review, want feedback on components, ask about frontend security, performance optimization, or accessibility compliance. Provides actionable feedback with severity levels and fix suggestions.
Use when facing complex decisions, architectural trade-offs, philosophical questions, or any problem requiring deep analysis before action. Use when the user asks to "think deeply", "question assumptions", "analyze from first principles", "challenge this decision", debates between two approaches (e.g. monolith vs microservices, build vs buy, SSR vs CSR), or invokes /socrates. Also triggered when other skills need a thinking engine for rigorous pre-analysis. Even if the problem seems simple, if there are hidden assumptions worth examining, this skill applies.
Security-focused code review checklist and automated scanning patterns. Use when reviewing pull requests for security issues, auditing authentication/authorization code, checking for OWASP Top 10 vulnerabilities, or validating input sanitization. Covers SQL injection prevention, XSS protection, CSRF tokens, authentication flow review, secrets detection, dependency vulnerability scanning, and secure coding patterns for Python (FastAPI) and React. Does NOT cover deployment security (use docker-best-practices) or incident handling (use incident-response).
Self-hosted TypeScript auth framework with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Supports Drizzle/Prisma/Kysely adapters. Self-hosted alternative to Clerk/Auth.js. Use when: configuring auth, adding plugins, social OAuth, multi-tenant SaaS, organizations with teams and RBAC, two-factor authentication (TOTP/OTP/backup codes), email verification, password reset flows, session management, rate limiting, CSRF and cookie security, Expo/mobile, D1 adapter errors, TanStack Start integration, additionalFields bugs, admin plugin, migrating from NextAuth, migrating from Clerk, migrating from Supabase Auth, or troubleshooting auth issues.
Provides comprehensive security review capability for TypeScript and Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use when performing security audits, before deployment, reviewing authentication/authorization implementations, or ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
Entry P1 category router for authentication and authorization. Use when testing login flows, sessions, object authorization, JWT, OAuth, CORS, CSRF, and enterprise SSO weaknesses before any deeper auth topic skill.
HTTP Parameter Pollution (HPP): duplicate query/body keys parsed differently by servers, proxies, WAFs, and app frameworks. Use when filters and application layers disagree on which value wins, enabling bypass, SSRF second URL, logic abuse, or CSRF token confusion.
IPA guideline-compliant security diagnostic and review skill for Laravel/React applications. Use when performing security checks during code implementation or review. Diagnoses 11 vulnerability types (SQL injection, XSS, CSRF, etc.), provides safe code examples, and performs checklist-based validation. Works in conjunction with .claude/rules/security/ to provide concrete diagnostic workflows during implementation phases. Triggers when: (1) reviewing code for security vulnerabilities, (2) implementing authentication/authorization, (3) handling user input/output, (4) working with sessions/cookies, (5) processing files or executing commands, (6) creating forms or APIs, (7) performing security audits.
Manage App Store Connect code signing resources using the `asc` CLI tool. Use this skill when: (1) Managing bundle identifiers — register, list, or delete (`asc bundle-ids`) (2) Managing signing certificates — create from CSR, list, or revoke (`asc certificates`) (3) Registering or listing test devices (`asc devices`) (4) Managing provisioning profiles — create, list, or delete (`asc profiles`) (5) Setting up the full code signing chain for CI/CD pipelines (6) User says "set up signing", "create a profile", "register my device", "revoke cert", "list certificates", "create bundle id", or any code-signing related task