Runtime security validation including secret scanning, PII detection, prompt injection defense, audit logging, and output validation for AI agents. Use when validating user input, scanning for secrets, detecting PII, preventing data exfiltration, or implementing security guardrails.
Comprehensive guide for integrating Semaphore V4 zero-knowledge protocol. Use when developing anonymous voting systems, privacy-preserving authentication, ZK proofs, smart contracts with group membership verification, or implementing Semaphore SDK features (Identity management, Group operations, Proof generation/verification). Also use when modifying, upgrading, or debugging existing Semaphore integrations.
Comprehensive guide to access audits, periodic reviews, anomaly detection, and segregation of duties for compliance and security.
Execute review crypto wallet security including private key management and transaction signing. Use when auditing wallet security practices. Trigger with phrases like "audit wallet", "check security", or "verify signatures".
Provides expert security analysis, vulnerability assessment, and threat modeling. Use for security reviews, OWASP analysis, auth/authorization assessment, compliance posture, or attack surface analysis. Produces consultant-style reports with prioritized remediation recommendations — does NOT write implementation code.
Comprehensive security analysis framework teaching STRIDE threat modeling, OWASP Top 10 vulnerabilities, CVSS risk scoring, and secure coding patterns. Use when conducting security assessments, code reviews, threat modeling, or implementing security controls. Applicable to all development work requiring security consideration.
Expert security engineering covering application security, infrastructure security, threat modeling, penetration testing, and compliance.
Audit architecture and code for cloud-native reliability, security, operability, and performance. Use for architecture reviews or delivery-readiness audits requiring an Architecture & Code Audit Report and actionable work items.
Supabase RLS Security Auditor that prevents data leaks between shops. Use when adding tables, modifying policies, or reviewing multi-tenant security.
Provides patterns and guidance for implementing user-scoped data filtering and multi-tenancy in web applications. Use this skill when you need to: (1) Restrict data access based on user identity, (2) Implement ownership checks for database operations, (3) Build multi-tenant applications with organization-level data scoping, (4) Implement admin bypass for viewing all data, (5) Create audit trails for data access. This skill focuses on Python, FastAPI, and SQLAlchemy.
Automatically applies when securing AI/LLM applications. Ensures prompt injection detection, PII redaction for AI contexts, output filtering, content moderation, and secure prompt handling.
Handles user authentication, profile management, and personalized features using BetterAuth for the Physical AI & Humanoid Robotics textbook.
Comprehensive Amazon Bedrock Guardrails implementation for AI safety with 6 safeguard policies (content filters, PII redaction, topic denial, word filters, contextual grounding, automated reasoning). Use when implementing content moderation, detecting prompt attacks, preventing hallucinations, protecting sensitive data, enforcing compliance policies, or securing generative AI applications with mathematical verification.
Supabase schema validation, RLS enforcement, and API security best practices.
Expert assistant for validating and creating Row Level Security (RLS) policies in the KR92 Bible Voice Supabase database. Use when creating RLS policies, validating user data protection, checking admin access, or identifying security gaps.
Comprehensive Supabase security auditor for RLS policies, table privileges (GRANTs), and access control validation. Use when: - Auditing database security (RLS + GRANTs) - Generating access matrix (who can SELECT/INSERT/UPDATE/DELETE which tables) - Finding security gaps (missing RLS, overly permissive GRANTs) - Validating PostgREST access patterns - Creating security documentation for Docs/context/ - Creating RLS policies for new or existing tables - Validating user data protection - Checking admin access patterns - Identifying security vulnerabilities Triggers: "security audit", "access matrix", "who can update", "missing RLS", "check grants", "security gaps", "table permissions", "RLS policy", "row level security", "validate security", "user data protection", "admin access"
Expert assistant for validating and creating Row Level Security (RLS) policies in the KR92 Bible Voice Supabase database. Use when creating RLS policies, validating user data protection, checking admin access, or identifying security gaps.
Hybrid permission system - role-based + user overrides, frontend/backend patterns
Authentication and authorization patterns using Clerk and RBAC
API versioning, security, authentication, rate limiting, monitoring, error handling, and documentation strategies for production APIs. Use when planning API infrastructure, implementing security concerns, or designing monitoring strategies.
Teach Data Access Layer pattern to prevent CVE-2025-29927 middleware authentication bypass. Use when implementing authentication, authorization, protecting routes, or working with server actions that need auth.
Backend API authentication patterns with Clerk JWT middleware and route protection. Use when building REST APIs, GraphQL APIs, protecting backend routes, implementing JWT validation, setting up Express middleware, or when user mentions API authentication, backend security, JWT tokens, or protected endpoints.
Implement secure authentication bridge between Better Auth (Next.js frontend) and FastAPI (Python backend) using JWKS JWT token verification. Use this skill when users need to (1) Integrate Better Auth with FastAPI backend, (2) Implement JWT authentication with JWKS verification, (3) Set up user isolation and authorization in FastAPI endpoints, (4) Configure frontend to send authenticated API requests, or (5) Troubleshoot Better Auth + FastAPI authentication issues.
