Enforces explicit user permission before any file deletion. Activates when you're about to use rm, unlink, fs.rm, or any operation that removes files from disk. MUST be followed for all delete operations.
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.
How to review PRs for security — credentials, injection, workflow permissions, supply chain, git operation safety
Apply Clay security best practices for API keys, webhook secrets, and data access control. Use when securing Clay integrations, rotating API keys, auditing access, or implementing webhook authentication. Trigger with phrases like "clay security", "clay secrets", "secure clay", "clay API key security", "clay webhook security".
Audit wallet security by analyzing token approvals, permissions, and transaction patterns. Use when checking wallet security, reviewing approvals, or assessing risk exposure. Trigger with phrases like "audit wallet", "check approvals", "security scan", or "revoke tokens".
Execute automate SOC 2 audit preparation including evidence gathering, control assessment, and compliance gap identification. Use when you need to prepare for SOC 2 audits, assess Trust Service Criteria compliance, document security controls, or generate readiness reports. Trigger with phrases like "SOC 2 audit preparation", "SOC 2 readiness assessment", "collect SOC 2 evidence", or "Trust Service Criteria compliance".
Apply Vast.ai security best practices for API keys and instance access. Use when securing API keys, hardening SSH access to GPU instances, or auditing Vast.ai security configuration. Trigger with phrases like "vastai security", "vastai secrets", "secure vastai", "vastai API key security", "vastai ssh security".
Apply Perplexity security best practices for API key management and query safety. Use when securing API keys, implementing query sanitization, or auditing Perplexity security configuration. Trigger with phrases like "perplexity security", "perplexity secrets", "secure perplexity", "perplexity API key security", "perplexity PII".
Set up Kling AI API authentication with JWT tokens. Use when starting a new Kling AI integration or troubleshooting auth issues. Trigger with phrases like 'kling ai setup', 'klingai api key', 'kling ai authentication', 'configure klingai'.
Implement security best practices for Lindy AI agents and integrations. Use when securing API keys, configuring agent permissions, verifying webhooks, or auditing agent access. Trigger with phrases like "lindy security", "secure lindy", "lindy API key security", "lindy permissions", "lindy audit".
Install and configure Vast.ai CLI and REST API authentication. Use when setting up a new Vast.ai integration, configuring API keys, or initializing Vast.ai GPU cloud access in your project. Trigger with phrases like "install vastai", "setup vastai", "vastai auth", "configure vastai API key", "vastai gpu setup".
Install and configure Perplexity Sonar API authentication. Use when setting up a new Perplexity integration, configuring API keys, or initializing the OpenAI-compatible client for Perplexity. Trigger with phrases like "install perplexity", "setup perplexity", "perplexity auth", "configure perplexity API key", "perplexity sonar setup".
Install and configure LangChain SDK with provider authentication. Use when setting up a new LangChain project, configuring API keys for OpenAI/Anthropic/Google, or initializing @langchain/core in Node.js or Python. Trigger: "install langchain", "setup langchain", "langchain auth", "configure langchain API key", "langchain credentials".
Retell AI install auth — AI voice agent and phone call automation. Use when working with Retell AI for voice agents, phone calls, or telephony. Trigger with phrases like "retell install auth", "retellai-install-auth", "voice agent".
Build secure API authentication systems with OAuth2, JWT, API keys, and session management. Use when implementing secure authentication flows. Trigger with phrases like "build authentication", "add API auth", or "secure the API".
Implement Supabase database webhooks, pg_net async HTTP, LISTEN/NOTIFY, and Edge Function event handlers with signature verification. Use when setting up database webhooks for INSERT/UPDATE/DELETE events, sending HTTP requests from PostgreSQL triggers, handling Realtime postgres_changes as an event source, or building event-driven architectures. Trigger with phrases like "supabase webhook", "database events", "pg_net trigger", "supabase LISTEN NOTIFY", "webhook signature verify", "supabase event-driven", "supabase_functions.http_request".
Validate use when validating GitHub Actions workflows for Google Cloud and Vertex AI deployments. Trigger with phrases like "validate github actions", "setup workload identity federation", "github actions security", "deploy agent with ci/cd", or "automate vertex ai deployment". Enforces Workload Identity Federation (WIF), validates OIDC permissions, ensures least privilege IAM, and implements security best practices.
Validate dependency vulnerability checker operations. Auto-activating skill for Security Fundamentals. Triggers on: dependency vulnerability checker, dependency vulnerability checker Part of the Security Fundamentals skill category. Use when working with dependency vulnerability checker functionality. Trigger with phrases like "dependency vulnerability checker", "dependency checker", "dependency".
Implement audit logging for OpenRouter API calls. Use when building compliance trails, debugging production issues, or tracking model usage. Triggers: 'openrouter audit', 'openrouter logging', 'audit trail openrouter', 'log openrouter requests'.
Validate WCAG compliance and accessibility standards (ARIA, keyboard navigation). Use when auditing WCAG compliance or screen reader compatibility. Trigger with phrases like "scan accessibility", "check WCAG compliance", or "validate screen readers".
Validate yaml config validator operations. Auto-activating skill for DevOps Basics. Triggers on: yaml config validator, yaml config validator Part of the DevOps Basics skill category. Use when configuring systems or services. Trigger with phrases like "yaml config validator", "yaml validator", "yaml".
Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
Manage incident response for Clerk authentication issues. Use when handling auth outages, security incidents, or production authentication problems. Trigger with phrases like "clerk incident", "clerk outage", "clerk down", "auth not working", "clerk emergency".
Set up Clay account access, API keys, webhook URLs, and provider connections. Use when onboarding to Clay, connecting data providers, configuring API keys, or setting up webhook endpoints for programmatic data flow. Trigger with phrases like "install clay", "setup clay", "clay auth", "configure clay API key", "connect clay providers".
