security
9.9K
douyin-upload
当 agent 需要通过已安装的 `sau` CLI 完成抖音登录、cookie 校验、视频上传或图文发布时使用这个 skill。该 skill 适用于已经安装 `social-auto-upload` 且可调用 `sau` 命令的环境。优先使用这个 skill 进行稳定的命令式抖音工作流,而不是一开始就阅读 uploader 源码。
dreammis
testing-security
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
security
9.5K
unopim-credential-management
Implement credential storage, API connection testing, secure field handling, history tracking, and full CRUD for Unopim third-party connector modules. Covers Credential model with HistoryTrait and extras JSON, Contract interface, CredentialRepository, CredentialController with JsonResponse, FormRequest validation, DataGrid, and migration with DB_PREFIX. Use this skill when building the credentials section of any Unopim connector (WooCommerce, Shopify, Shopware, module, etc.).
unopim
testing-security
security
8.8K
create-new-gosec-rule
Propose and implement a new generic gosec rule from a Go security issue description.
securego
testing-security
security
8.6K
skill-scanner
Scan agent skills for security issues. Use when asked to "scan a skill", "audit a skill", "review skill security", "check skill for injection", "validate SKILL.md", or assess whether an agent skill is safe to install. Checks for prompt injection, malicious scripts, excessive permissions, secret exposure, and supply chain risks.
getsentry
testing-security
security
8.1K
secure-code-guardian
Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities — including custom security implementations such as hashing passwords with bcrypt/argon2, sanitizing SQL queries with parameterized statements, configuring CORS/CSP headers, validating input with Zod, and setting up JWT tokens. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention, secure session management, and security hardening. For pre-built OAuth/SSO integrations or standalone security audits, consider a more specialized skill.
Jeffallan
testing-security
security
8K
webiny-admin-permissions
Admin-side permission UI registration and DI-backed permission checking. Use this skill when adding permission controls to the admin UI — schema-based auto-generated forms, injectable permissions via createPermissionsAbstraction/ createPermissionsFeature, typed hooks (createUsePermissions), the HasPermission component (createHasPermission), and the Security.Permissions component props. Covers both simple apps and complex multi-entity permission schemas.
webiny
testing-security
security
8K
webiny-configure-auth0
Configuring Auth0 as an identity provider (IDP) for Webiny projects. Use this skill when the developer asks about Auth0 authentication, Auth0 SSO, replacing Cognito with Auth0, setting up external identity providers, configuring OIDC authentication, mapping JWT claims to Webiny identities, or customizing the Auth0 login flow. Also relevant when asking about AUTH0_ISSUER, AUTH0_CLIENT_ID environment variables, Auth0IdpConfig, or the MyAuth0Extension pattern.
webiny
testing-security
security
8K
webiny-configure-okta
Configuring Okta as an identity provider (IDP) for Webiny projects. Use this skill when the developer asks about Okta authentication, Okta SSO, replacing Cognito with Okta, setting up external identity providers, configuring OIDC authentication, mapping JWT claims to Webiny identities, or customizing the Okta login flow. Also relevant when asking about OKTA_ISSUER, OKTA_CLIENT_ID environment variables, OktaIdpConfig, or the MyOktaExtension pattern.
webiny
testing-security
security
8K
webiny-api-security-catalog
API — Security & Auth — 53 abstractions. Authentication, API keys, roles, users, teams event handlers and use cases.
webiny
testing-security
security
7.5K
python-ocr-backend-integration
python ocr uackend integration
kreuzberg-dev
testing-security
security
6.8K
oauth
Configure OAuth providers (Google, Apple, Microsoft, Facebook, GitHub, etc.) to work with portless local dev URLs. Use when setting up OAuth redirect URIs, fixing "redirect_uri_mismatch" or "invalid redirect" errors, configuring sign-in providers for local development, or when a provider rejects .localhost subdomains. Triggers include "OAuth not working with portless", "redirect URI mismatch", "Google/Apple/Microsoft sign-in fails locally", "configure OAuth for local dev", or any task involving OAuth callback URLs with portless domains.
vercel-labs
testing-security
security
5.7K
socialite-development
Manages OAuth social authentication with Laravel Socialite. Activate when adding social login providers; configuring OAuth redirect/callback flows; retrieving authenticated user details; customizing scopes or parameters; setting up community providers; testing with Socialite fakes; or when the user mentions social login, OAuth, Socialite, or third-party authentication.
laravel
testing-security
security
5.1K
verify-security
安全校验关卡。自动扫描代码安全漏洞,检测危险模式,确保安全决策有文档记录。当用户提到安全扫描、漏洞检测、安全审计、代码安全、OWASP、注入检测、敏感信息泄露时使用。在新建模块、安全相关变更、攻防任务、重构完成时自动触发。
fengshao1227
testing-security
security
5K
upgrade-megatron-core
Upgrade Megatron-Core in AReaL by auditing affected APIs, cross-referencing upstream sources, and updating call sites.
inclusionAI
testing-security
security
5K
upgrade-vllm
Upgrade vLLM in AReaL by auditing affected APIs, cross-referencing upstream sources, and updating call sites.
inclusionAI
testing-security
security
4.7K
skill-vetter
Security-first skill vetting protocol for AI agents. Use before installing any skill from the platform skill market, skillhub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns to determine whether a skill is safe to install.
dtyq
testing-security
security
4.5K
insecure-defaults
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
trailofbits
testing-security
security
4.4K
better-auth-security-best-practices
Configure rate limiting, manage auth secrets, set up CSRF protection, define trusted origins, secure sessions and cookies, encrypt OAuth tokens, track IP addresses, and implement audit logging for Better Auth. Use when users need to secure their auth setup, prevent brute force attacks, or harden a Better Auth deployment.
EpicenterHQ
testing-security