[AUTO-INVOKE] MUST be invoked BEFORE deploying DeFi contracts (DEX, lending, staking, LP, token). Covers anti-whale, anti-MEV, flash loan protection, launch checklists, and emergency response. Trigger: any deployment or security review of DeFi-related contracts.
Pedantic backend pre-commit and atomic commit Skill for Django/Optimo-style repos. Enforces local AGENTS.md / CLAUDE.md, pre-commit hooks, .security/* helpers, and Monty’s backend engineering taste – with no AI signatures in commit messages.
Comprehensive smart contract security audit framework with multi-expert analysis. Use for full audits of Solidity, Anchor, or Vyper projects.
Comprehensive infrastructure security audit framework for IaC, Docker, Kubernetes, and cloud configurations. Use for full infrastructure audits.
Container Security Auditor - Auto-activating skill for Security Advanced. Triggers on: container security auditor, container security auditor Part of the Security Advanced skill category.
Secure coding practices for TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.
Set up local Web3 development workflow with Alchemy, Hardhat, and testnets. Use when configuring local blockchain dev, testing with Sepolia faucets, or setting up hot-reload for smart contract development. Trigger: "alchemy local dev", "alchemy hardhat", "alchemy testnet setup".
Security practices for React (XSS, Auth, Dependencies). Use when preventing XSS, securing auth flows, or auditing third-party dependencies in React. (triggers: **/*.tsx, **/*.jsx, dangerouslySetInnerHTML, token, auth, xss)
Apply Bright Data security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Bright Data security configuration. Trigger with phrases like "brightdata security", "brightdata secrets", "secure brightdata", "brightdata API key security".
Deploy Electric via Docker, Docker Compose, or Electric Cloud. Covers DATABASE_URL (direct connection, not pooler), ELECTRIC_SECRET (required since v1.x), ELECTRIC_INSECURE for dev, wal_level=logical, max_replication_slots, ELECTRIC_STORAGE_DIR persistence, ELECTRIC_POOLED_DATABASE_URL for pooled queries, IPv6 with ELECTRIC_DATABASE_USE_IPV6, Kubernetes readiness probes (200 vs 202), replication slot cleanup, and Postgres v14+ requirements. Load when deploying Electric or configuring Postgres for logical replication.
Implement Bright Data webhook signature validation and event handling. Use when setting up webhook endpoints, implementing signature verification, or handling Bright Data event notifications securely. Trigger with phrases like "brightdata webhook", "brightdata events", "brightdata webhook signature", "handle brightdata events", "brightdata notifications".
Use when encrypting data, signing payloads, verifying signatures, generating keys, using Secure Enclave, migrating from CommonCrypto, or adopting quantum-secure cryptography. Covers CryptoKit design philosophy, AES-GCM, ECDSA, ECDH, Secure Enclave keys, HPKE, ML-KEM, ML-DSA, and cross-platform interop with Swift Crypto.
Apply modern web development best practices for security, compatibility, and code quality. Use when the task involves `apply best practices`, `security audit`, `modernize code`, `code quality review`, or `check for vulnerabilities`.
Automated security auditing of project dependencies to identify known vulnerabilities.
Smart contract and secure API contract security analysis — invariant checking, access control, reentrancy, and integer overflow patterns. Implements Checks-Effects-Interactions pattern, formal invariant verification, and OpenSCV vulnerability taxonomy for Solidity/EVM and Rust/Solana contracts.
Thin worker bootstrap prompt. Read Multorum's shipped worker methodology before acting.
Use when designing or changing event contracts for this repo. Covers mandatory upstream schema review, required JSON Structure Core and extension-spec study, exhaustive field descriptions from upstream docs, CloudEvents modeling, xreg message groups, stable subject and Kafka key selection, JsonStructure extension usage, regeneration with xrcg 0.10.1, and EVENTS.md refresh.
Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.
KuCoin Futures trading using the KuCoin API. Futures market data, orders, positions, and funding fees. Authentication requires API Key, API Secret, and Passphrase.
SAFT (Simple Agreement for Future Tokens) review and advisory skill for crypto founders, token issuers, and investors. Use when user (1) uploads a SAFT/token warrant for review, (2) asks questions about how SAFTs work, (3) requests to draft a SAFT, or (4) asks about token fundraising structures. Triggers on keywords like SAFT, token warrant, token side letter, future tokens, token sale, ICO, TGE, token generation event, vesting, lockup, crypto fundraising.
