username-retrieval-service
Retrieve username data through secure verification protocols.
auth-patterns
Supabase authentication patterns including getUser vs getSession, deadlock avoidance, session handling, and bypass patterns. Use when working with auth, sessions, cookies, or encountering auth hangs/timeouts. Keywords: auth, getUser, getSession, session, deadlock, timeout, cookie, token, Web Locks.
stix2-validator
Validate STIX 2.1 JSON files and bundles against the STIX specification. Use when validating threat intelligence data, checking STIX bundle integrity before ingestion, verifying indicator/malware/attack-pattern objects have required fields, or bulk-validating directories of STIX files. Provides detailed error reports showing which objects failed and why.
security-lens
Apply security awareness during code review and implementation. Catches common vulnerabilities without requiring full security audit.
auth-provider
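Unified interface for authentication providers, supporting mainstream authentication services such as Supabase Auth, Clerk, and Firebase Auth. Provides user registration, login, OAuth, session management, permission verification, and related features.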
security-scanner
Comprehensive security scanner for vulnerabilities, hardcoded secrets, and OWASP Top 10 issues
security-review
OWASP Top 10 security audit. Use to review code for vulnerabilities, validate authentication/authorization, analyze input sanitization, and detect SQL injection, XSS, CSRF, and other common vulnerabilities.
supabase-rls-policy-generator
This skill should be used when the user requests to generate, create, or add Row-Level Security (RLS) policies for Supabase databases in multi-tenant or role-based applications. It generates comprehensive RLS policies using auth.uid(), auth.jwt() claims, and role-based access patterns. Trigger terms include RLS, row level security, supabase security, generate policies, auth policies, multi-tenant security, role-based access, database security policies, supabase permissions, tenant isolation.
secrets-management
Manages API keys, credentials, and sensitive configuration using secrets.json patterns with environment variable fallbacks. Use when working with API keys, credentials, .env files, or any sensitive configuration.
tg-permissions
Permission and access control patterns for the World of Darkness Django application. Use when implementing view permissions, checking user access levels, creating limited forms for owners, using PermissionManager vs is_st(), or working with view mixins. Triggers on permission checks, ST-only features, owner restrictions, or access control logic.
spring-security
Secure Spring Boot applications - authentication, authorization, OAuth2, JWT, CORS/CSRF protection
profile-switch
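Switch between saved Google authentication profiles. Triggered by phrases such as "switch account", "change profile", "I want to use a different account", "change Google account", or "switch authentication".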
security-auditor
Performs comprehensive security audits of KrakenD configurations to identify vulnerabilities, authentication gaps, and security best practices violations with Flexible Configuration support
better-auth-best-practices
Skill for integrating Better Auth - the comprehensive TypeScript authentication framework.
security-review
Security audit checklist and best practices for bCommGuard WhatsApp bot
security-auditor
Review code for vulnerabilities, implement secure authentication, and ensure OWASP compliance. Handles JWT, OAuth2, CORS, CSP, and encryption. Use PROACTIVELY for security reviews, auth flows, or vulnerability fixes.