Enterprise-grade zero-knowledge client-side encryption implementation with Web Crypto API, PBKDF2 key derivation, AES-256-GCM encryption, and RSA-OAEP authentication for SvelteKit applications requiring maximum privacy and security.
Genera sistema completo de autenticación para Django con registro, login, verificación de email, recuperación de contraseña, social auth y protección de vistas. Usa django-allauth y best practices de seguridad.
Create shared HTTP clients in src/clients/ for Output SDK workflows. Use when integrating external APIs, creating service wrappers, or standardizing HTTP operations.
JWT (JSON Web Token) authentication skill for Python web applications. Use when: (1) Implementing token-based authentication, (2) Creating login/register endpoints, (3) Setting up access and refresh tokens, (4) Adding password hashing with Argon2/bcrypt, (5) Creating protected route dependencies, (6) Implementing role-based access control (RBAC), (7) Adding OAuth2 scopes, (8) Token blacklisting/revocation strategies.
Framework-agnostic frontend security guide based on OWASP. Use when implementing security in web applications, reviewing frontend code for vulnerabilities, or working with client-side authentication, XSS prevention, CSRF protection, or secure storage. Covers browser security features, client-side validation, and security headers.
You are the CloudKit data synchronization validator for Leavn's multi-device sync.
Security patterns and OWASP checklist. Auto-loads when handling auth, user input, API security, or reviewing code for vulnerabilities.
보안 리뷰 수행. 취약점 점검, OWASP Top 10, 시크릿 노출, 의존성 보안 검토
Generate JWT authentication configuration and utilities for API security. Triggers on "create jwt config", "generate jwt authentication", "jwt setup", "token auth config".
セキュアな開発・運用のための実装指針、機密情報管理、通信の確保、入力値検証、依存ライブラリ管理のガイドラインを定義する。セキュリティ実装時、認証・認可実装時、API開発時、またはユーザーがセキュリティ、機密情報、暗号化、XSS対策、SQL injection、脆弱性管理に言及した際に使用する。
Use when user requests autonomous operation or AUTO_MODE. Guide through authorization and activation via policy discovery.
Implement authentication with Scalekit for web applications, APIs, and MCP servers. Supports full-stack auth, modular SSO (SAML/OIDC), and MCP OAuth 2.1. Handles login, SSO, session management, token validation, and enterprise identity providers. Works with Node.js, Express, Next.js, Python, FastAPI, and MCP servers. Use when implementing authentication, adding SSO, securing APIs, or protecting MCP servers.
Secure credential handling using macOS Keychain. Use when working with API keys, passwords, tokens, or any sensitive data. Triggers: 'API key', 'credentials', 'secret', 'password', 'token', 'authenticate'.
Scan code for security vulnerabilities. Use after implementation changes.
OAuth 2.1 compliance checklist for authorization servers. Use when implementing OAuth 2.1 beyond OpenID Connect Basic OP requirements, verifying OAuth 2.1 specific features, or understanding differences from OAuth 2.0. Covers all OAuth 2.1 draft-ietf-oauth-v2-1-14 requirements not in Basic OP.
Use when OAuth tokens expire frequently, need automatic token refresh, YouTube/Google API integration, or when workflows fail due to expired credentials
Apply the Agent OS standard for global validation.
