ios-signing
Code-signing and provisioning support for iOS apps. Provides comprehensive support for code signing, including certificate management, Provisioning Profile management, Keychain configuration, and signing setup in CI/CD environments. Use when the user says things like "I want to resolve a signing error", "I want to renew a certificate", or "I want to set up signing in CI".
OAuth 2.1 Token Endpoint implementation guide. Use when implementing token endpoint requirements beyond OpenID Connect, including grant types, token response format, Cache-Control headers, CORS support, and error handling. Covers OAuth 2.1 Section 3.2 and Section 4 requirements.
Security pattern for implementing access control and authorization. Use when designing permission systems, implementing RBAC/ABAC, preventing unauthorized access, addressing privilege escalation, or ensuring users can only perform allowed actions on permitted resources. Addresses "Entity performs disallowed action" problem.
Validate workflows and node requests against Genfeed OSS core scope. Ensures only OSS-included nodes are used and flags Cloud-only features. Use before implementing workflows or when users request new nodes.
SSO integration guidance for fort-nix services. Use when adding authentication to a service, choosing an SSO mode, configuring oauth2-proxy, or troubleshooting auth issues. Triggers on fort.cluster.services sso config, oauth2-proxy setup, OIDC integration, or auth header injection.
Authenticate to web app and verify session state with Chrome DevTools session sharing
Security pattern for delegating cryptographic operations and key management to an external service. Use when designing systems that should not possess cryptographic keys directly. Implementation of Cryptographic Key Management pattern. Examples include Android Keystore, iOS KeyChain, AWS KMS, Azure Key Vault, Google Cloud KMS. Reduces risk of key leakage and cipher misconfiguration.
validation audit quality check startup initialization integrity
CROSS-CUTTING: Security patterns and best practices for ALL PACT phases. Provides OWASP Top 10 guidance, authentication/authorization patterns, input validation, secure coding practices, secrets management, and security testing checklists. Use when: implementing authentication, handling user input, storing secrets, designing authorization, reviewing code for vulnerabilities, planning security tests.
Automatically refresh AWS SSO authentication tokens when encountering expiration errors. Use when AWS MCP tools fail due to expired SSO sessions.
Debug CSRF token issues and authentication problems including 403 Forbidden errors, cookie issues, JWT tokens, OAuth flows, and session management. Use when troubleshooting CSRF verification failed, 403 errors on POST requests, login not working, or token refresh issues.
Design and implement secure admin APIs in Next.js 16 with hardened security, RBAC, CSRF protection, tenant isolation, and audit logging. Use when creating new admin API routes, implementing security controls, or ensuring API compliance with corporate security standards.
Create security zones and assign rights to profiles. Use when registering controllers.
Use this skill when working with the 1Password CLI (`op` command) for secrets management, retrieving API keys, injecting secrets into development environments, or any task involving 1Password vault operations. Triggers on: "1password", "op command", "secrets management", "api keys from vault", "op run", "op read", "service account token".
Generate JWTs for GitHub App authentication. Direct JWT generation for app-level operations, installation discovery, and bootstrapping workflows.
Security pattern for input validation and sanitization. Use when implementing input handling, preventing injection attacks (SQL, XSS, command), ensuring data integrity, or processing data from untrusted sources. Addresses "Entity provides unexpected data" problem.
Manage incoming internet traffic and reverse proxy configuration on the home network gateway. Configure Caddy, OAuth2 authentication, fail2ban security, and traffic routing.
security-auditor skill. Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE. Use when: user requests involve security auditor tasks.
Design threat mitigation, input validation, and secure execution. Use when: sdd-design assigns Security Considerations section. Triggers: "security design", "threat model", "input validation", "xss prevention"
Audit cryptographic implementations for weak algorithms, insecure defaults, predictable randomness, key management issues, and timing attacks. Use when reviewing security-critical crypto code.
Implement rate limiting for API endpoints. Use when user mentions "rate limit", "quota", "usage tracking", "throttle", or "limit requests".