Loading...
Loading...
Found 873 Skills
Enforce secure secrets management across all platforms. Never hardcode OAuth2 secrets, API keys, tokens, passwords, or credentials in source code. Store all secrets in .env files, load from environment variables, and ensure .env is gitignored. Use this skill when: (1) writing any code that uses API keys, OAuth2 client secrets, tokens, or credentials, (2) setting up authentication or third-party integrations, (3) creating new projects that need environment configuration, (4) reviewing code for security issues related to secrets, (5) configuring CI/CD pipelines or Docker deployments with secrets. Triggers: API key, OAuth, client secret, token, credentials, .env, environment variables, secret, password, authentication setup, third-party integration.
Kiwi-user authentication integration for frontend (login flows, token storage, refresh) and backend (token verification via API or public key, auth middleware, user ID extraction).
Assume AWS IAM role for CloudFormation operations and set temporary credentials as environment variables. Use when working with CloudFormation stacks or when authentication setup is needed before AWS CloudFormation operations.
This skill should be used when the user asks to "deploy to castari", "deploy my agent", "deploy agent to production", "castari deploy", "push agent to castari", "ship my agent", "set up castari", or needs help with Castari CLI installation, authentication, agent scaffolding, or deployment to cloud sandboxes.
Use when integrating Cardano wallets with MeshJS SDK. Covers browser wallet connection (CIP-30) for Eternl, Nami, Lace, Flint, and Yoroi, headless server-side wallets from mnemonic or private keys, transaction signing, CIP-8 data signing for authentication, multi-signature workflows, and React wallet integration patterns.
Security audit checklist based on OWASP Top 10 and best practices. Covers authentication, injection, XSS, CSRF, secrets management, and more. Use when reviewing security, before deploy, asking "is this secure", "security check", "vulnerability".
Complete Convex development mastery — functions (queries, mutations, actions, HTTP actions), schema design, index optimization, argument/return validation, authentication, security patterns, error handling, file storage, scheduling, crons, aggregates, OCC handling, denormalization, TypeScript best practices, and production-ready code organization. The definitive Convex skill. Use when building any Convex backend: writing functions, designing schemas, optimizing queries, handling auth, adding real-time features, setting up webhooks, scheduling jobs, managing file uploads, or reviewing/fixing Convex code. Triggers on: convex, query, mutation, action, ctx.db, defineSchema, defineTable, v.id, v.string, v.object, withIndex, ConvexError, internalMutation, httpAction, ctx.scheduler, ctx.storage, OCC, convex best practices, convex functions, convex schema, convex performance, "how do I do X in Convex".
Performs comprehensive security audits of KrakenD configurations to identify vulnerabilities, authentication gaps, and security best practices violations with Flexible Configuration support
Diagnoses and fixes IPv6 DNS issues causing clients to connect to Cloudflare OAuth instead of using local network access. Use when services show OAuth login prompt on local WiFi, slow initial connection followed by authentication, or Chrome shows "error with retry". Triggers on "connecting to Cloudflare instead of local", "OAuth prompt on WiFi", "IPv6 DNS issue", "clients prefer IPv6", "disable IPv6 DNS", or "fix local access". Works with Pi-hole FTLCONF_misc_dnsmasq_lines filter-AAAA configuration and client DNS cache management.
Build cross-platform VoIP calling apps with Flutter using Telnyx WebRTC SDK. Covers authentication, making/receiving calls, push notifications (FCM + APNS), call quality metrics, and AI Agent integration. Works on Android, iOS, and Web.
Go programming language skill for writing idiomatic Go code, code review, error handling, testing, concurrency, security, and program design. Use when writing Go code, reviewing Go PRs, debugging Go tests, fixing Go errors, designing Go APIs, implementing security-sensitive code, handling user input, authentication, sessions, cryptography, or asking about Go best practices. Covers table-driven tests, error wrapping, goroutine patterns, interface design, generics, iterators, stdlib patterns up to Go 1.26, and OWASP security practices.
Comprehensive API security testing skill for REST, GraphQL, gRPC, and WebSocket APIs. This skill should be used when performing API penetration testing, testing for OWASP API Top 10 vulnerabilities, fuzzing API endpoints, testing authentication/authorization, and analyzing API specifications. Triggers on requests to test API security, pentest REST APIs, test GraphQL endpoints, analyze OpenAPI/Swagger specs, or find API vulnerabilities.