Found 935 Skills
Expert in application security, OWASP Top 10, authentication, authorization, data protection, and security best practices for React, Next.js, and NestJS applications
Add UI components and pages for authentication flows including sign in, sign up, forgot password, reset password, and email verification.
Build stateless MCP servers with TypeScript on Cloudflare Workers using @modelcontextprotocol/sdk. Provides patterns for tools, resources, prompts, and authentication (API keys, OAuth, Zero Trust). Use when exposing APIs to LLMs, integrating Cloudflare services (D1, KV, R2, Vectorize), or troubleshooting export syntax errors, unclosed transport leaks, or CORS misconfigurations.
Audit API security for OWASP Top 10 vulnerabilities, authentication issues, and authorization flaws. Use when securing APIs, fixing security vulnerabilities, or implementing security best practices.
Implement middleware for authentication, logging, CORS, and request processing. Use for cross-cutting concerns and request/response modification.
Hardens API security with rate limiting, input validation, authentication, and protection against common attacks. Use when users request "API security", "secure API", "rate limiting", "input validation", or "API protection".
General-purpose security auditing guide. Covers OWASP Top 10, dependency vulnerabilities, authentication, authorization, input validation, and secret management. Use this when performing a security review or audit.
Fullstack development skill using bkend.ai BaaS platform. Covers authentication, data storage, API integration for dynamic web apps. Project initialization with "init dynamic" or "dynamic init". Use proactively when user needs login, database, or backend features without managing servers. Triggers: fullstack, BaaS, bkend, authentication, login feature, signup, database, web app, SaaS, MVP, init dynamic, dynamic init, 풀스택, 인증, 로그인 기능, 회원가입, 데이터베이스, 웹앱, フルスタック, 認証, ログイン機能, データベース, 全栈, 身份验证, 登录功能, autenticación, inicio de sesión, registro, base de datos, fullstack, aplicación web, authentification, connexion, inscription, base de données, fullstack, application web, Authentifizierung, Anmeldung, Registrierung, Datenbank, Fullstack, Web-App, autenticazione, accesso, registrazione, database, fullstack, applicazione web. Do NOT use for: static websites, Enterprise-grade systems requiring custom infrastructure.
Security patterns for authentication, defense-in-depth, input validation, OWASP Top 10, LLM safety, and PII masking. Use when implementing auth flows, security layers, input sanitization, vulnerability prevention, prompt injection defense, or data redaction.
Implements JWT SSO authentication for Metabase embedding in a project. Supports all embedding types that use SSO — Modular embedding (embed.js web components), Modular embedding SDK (@metabase/embedding-sdk-react), and Full app embedding (iframe-based). Creates the JWT signing endpoint, configures the frontend auth layer, and sets up group mappings. Use when the user wants to add SSO/JWT auth to their Metabase embedding, implement user identity for embedded analytics, set up JWT authentication for Metabase, or connect their app's authentication to Metabase embedding.
NTLM relay and authentication coercion playbook. Use when capturing and relaying NTLM authentication to escalate privileges via SMB, LDAP, HTTP, or MSSQL relay targets, combined with PetitPotam, PrinterBug, and other coercion methods.
Guide REST API integration including HTTP methods, authentication, error handling, and rate limiting. Use this skill when the user needs to connect to a third-party API, design an API client, troubleshoot API errors, or understand API concepts — even if they say 'connect to this API', 'why is the API returning errors', 'how do I authenticate', or 'build an API integration'.