Found 181 Skills
Django access control and IDOR security review. Use when reviewing Django views, DRF viewsets, ORM queries, or any Python/Django code handling user authorization. Trigger keywords: "IDOR", "access control", "authorization", "Django permissions", "object permissions", "tenant isolation", "broken access".
iOS 16+ Screen Time engineering skill for FamilyControls, ManagedSettings, ManagedSettingsUI, ScreenTime, and DeviceActivity/DeviceActivityMonitor extension workflows. Use for app and website blocking, custom shields, shield action handling, schedule-based enforcement, onboarding authorization flows, usage analytics reports, entitlement setup, App Review readiness, debugging, and production hardening.
Writes Pest feature tests for Laravel HTTP controllers using repeatable controller-test patterns across web/session and API/JSON flows. Activates when creating or updating controller tests, nested resource route tests at any depth, CRUD action tests (create, destroy, edit, index, show, store, update), authorization and route-binding scope checks, validation datasets, transport-specific response assertions, and database persistence assertions.
OAuth 2.0 and OpenID Connect authentication with secure flows. Use for third-party integrations, SSO systems, token-based API access, or encountering authorization code flow, PKCE, token refresh, scope management errors.
IPA guideline-compliant security diagnostic and review skill for Laravel/React applications. Use when performing security checks during code implementation or review. Diagnoses 11 vulnerability types (SQL injection, XSS, CSRF, etc.), provides safe code examples, and performs checklist-based validation. Works in conjunction with .claude/rules/security/ to provide concrete diagnostic workflows during implementation phases. Triggers when: (1) reviewing code for security vulnerabilities, (2) implementing authentication/authorization, (3) handling user input/output, (4) working with sessions/cookies, (5) processing files or executing commands, (6) creating forms or APIs, (7) performing security audits.
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).
Create, read, and manage Feishu tasks with automatic user authorization. Use when you need to create tasks that your user can directly edit, read task lists, manage task details, or check calendar events. Supports automatic token refresh and persistence across sessions. All operations are performed with user identity, ensuring proper permissions.
Guide for building SumUp payment integrations that cover both terminal (card-present) and online (card-not-present) checkout flows using SumUp SDKs and APIs. Use when implementing or debugging SumUp checkout creation, payment processing, reader pairing, Card Widget integrations, Cloud API reader checkouts, or authorization setup with API keys/OAuth and Affiliate Keys.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.
Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.
Audit authentication and authorization patterns. Checks JWT, sessions, OAuth2, PKCE implementations for security best practices and common vulnerabilities.
TypeScript authentication framework (framework-agnostic). Features: email/password, OAuth (Google, GitHub, Discord), 2FA (TOTP, SMS), passkeys/WebAuthn, session management, RBAC, rate limiting, database adapters. Actions: implement, configure, secure authentication systems. Keywords: Better Auth, authentication, authorization, OAuth, email/password, 2FA, MFA, TOTP, passkeys, WebAuthn, session management, RBAC, rate limiting, database adapter, TypeScript auth, social login, Google auth, GitHub auth, Discord auth, email verification, password reset. Use when: implementing TypeScript auth, adding OAuth providers, setting up 2FA/MFA, managing sessions, configuring RBAC, building secure auth systems.