Loading...
Loading...
Found 1,327 Skills
Implement identity and access management. Use when designing authentication, authorization, or user management. Covers OAuth2, OIDC, and RBAC.
Documentation-driven project development workflow. Intelligently determines task types, executes existing plans or generates new plans using feature-dev. **Use Cases:** - Complete project documentation exists, need to execute development tasks - User specifies to execute a certain plan (e.g., "Execute plan 001") - User requests to develop new features (automatically uses feature-dev to generate plans) **Prerequisites:** - The project should already have a docs/ documentation structure (PRD, SAD, etc.) - For new projects, it is recommended to first use the project-docs-setup skill to create complete documentation - If plan formulation is needed, it is recommended to use the project-planning skill **Relationship with Other Skills:** - project-docs-setup: Creates project documentation structure - project-planning: Formulates development plans (requirement clarification + design discussion + plan writing) - project-workflow: Executes development plans + updates documentation - Recommended workflow: project-docs-setup → project-planning → project-workflow **Trigger Methods:** - "Execute plan 001" / "Continue 001-user-authentication" - "Start development" / "Execute plan" / "Continue last task"
Pattern for client components calling server actions to set cookies in Next.js. Covers the two-file pattern of a client component with user interaction (onClick, form submission) that calls a server action to modify cookies. Use when building features like authentication, preferences, or session management where client-side triggers need to set/modify server-side cookies.
Security auditing for code vulnerabilities (OWASP Top 10, XSS, SQL injection) and dependency scanning (pnpm audit, Snyk). Use when handling user input, adding authentication, before deployments, or resolving CVEs.
Plan and build production-ready FastAPI endpoints with async SQLAlchemy, Pydantic v2 models, dependency injection for auth, and pytest tests. Uses interview-driven planning to clarify data models, authentication method, pagination strategy, and caching before writing any code.
Identify security vulnerabilities and anti-patterns providing feedback on security issues a senior developer would catch. Use when user mentions security/vulnerability/safety concerns, code involves user input/authentication/data access, working with sensitive data (passwords/PII/financial), code includes SQL queries/file operations/external API calls, user asks about security best practices, or security-sensitive files are being modified (auth, payment, data access).
Test REST and GraphQL API endpoints with structured assertions and reporting. Use when a user asks to test an API, hit an endpoint, check if an API works, validate a response, debug an API call, test authentication flows, or verify API contracts. Supports GET, POST, PUT, PATCH, DELETE with headers, body, auth, and response validation.
Apply React Router 7 framework mode best practices including server-first data fetching, type-safe loaders/actions, proper hydration strategies, middleware authentication, handle metadata, useMatches/useRouteLoaderData hooks, and maximum type safety. Use when working with React Router 7 framework mode, implementing loaders, actions, route protection, breadcrumbs, streaming with Suspense/Await, URL search params, form validation, optimistic UI, resource routes (API endpoints), route configuration, or building SSR applications.
Debug and resolve common Gamma API errors. Use when encountering authentication failures, rate limits, generation errors, or unexpected API responses. Trigger with phrases like "gamma error", "gamma not working", "gamma API error", "gamma debug", "gamma troubleshoot".
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
Enforce secure secrets management across all platforms. Never hardcode OAuth2 secrets, API keys, tokens, passwords, or credentials in source code. Store all secrets in .env files, load from environment variables, and ensure .env is gitignored. Use this skill when: (1) writing any code that uses API keys, OAuth2 client secrets, tokens, or credentials, (2) setting up authentication or third-party integrations, (3) creating new projects that need environment configuration, (4) reviewing code for security issues related to secrets, (5) configuring CI/CD pipelines or Docker deployments with secrets. Triggers: API key, OAuth, client secret, token, credentials, .env, environment variables, secret, password, authentication setup, third-party integration.
Complete Convex development mastery — functions (queries, mutations, actions, HTTP actions), schema design, index optimization, argument/return validation, authentication, security patterns, error handling, file storage, scheduling, crons, aggregates, OCC handling, denormalization, TypeScript best practices, and production-ready code organization. The definitive Convex skill. Use when building any Convex backend: writing functions, designing schemas, optimizing queries, handling auth, adding real-time features, setting up webhooks, scheduling jobs, managing file uploads, or reviewing/fixing Convex code. Triggers on: convex, query, mutation, action, ctx.db, defineSchema, defineTable, v.id, v.string, v.object, withIndex, ConvexError, internalMutation, httpAction, ctx.scheduler, ctx.storage, OCC, convex best practices, convex functions, convex schema, convex performance, "how do I do X in Convex".