HashiCorp Vault operations including secrets engines (KV, AWS, Azure, GCP, Database, PKI), auth methods (Token, AppRole, Kubernetes, OIDC, AWS), policies and ACLs, dynamic credentials, secret rotation, Terraform integration, agent sidecar patterns, audit logging, high availability, and disaster recovery. Activate for Vault secret management, credentials automation, and security configuration.
Policy as Code with OPA, Kyverno, and Checkov. Use when implementing governance, compliance automation, or security policies for infrastructure and Kubernetes.
Validate Nixtla skills and plugins with deterministic evidence bundles and strict schema gates. Use when auditing changes or enforcing compliance. Trigger with 'run validation' or 'audit validators'.
Implement comprehensive AWS security controls and compliance
Implement zero-trust security, secrets management, and compliance. Use for Vault, ESO, Kyverno, OPA, Pod Security, RBAC, and supply chain security. Keywords: security, secrets, Vault, ESO, Kyverno, OPA, RBAC, compliance, SBOM, Cosign.
Keycloak OIDC integration with Harness pipelines, EKS IRSA, service account authentication, and realm-as-code patterns
Perform comprehensive security analysis to identify vulnerabilities. Integrates with codex-review for automatic security checks. Covers OWASP Top 10, common vulnerabilities, and secure coding practices. Output: Japanese
Auto-invoke when reviewing authentication, authorization, input handling, data exposure, or any user-facing code. Enforces OWASP top 10 awareness and security-first thinking.
This skill should be used when the user requests to audit, check, or improve application security by analyzing security headers, cookie configuration, RLS policies, input sanitization, rate limiting, and other security measures. It generates a comprehensive security audit report with actionable recommendations. Trigger terms include security audit, security check, harden security, security review, vulnerability check, security headers, secure cookies, input validation, rate limiting, security best practices.
Set up OpenAPI client for authenticated API calls in Umbraco backoffice (REQUIRED for custom APIs)
Master OAuth 2.0 authorization patterns with OpenIddict and ABP Framework including permission-based authorization, role-based access control, custom claims, and multi-tenant security. Use when implementing authentication/authorization for ABP applications.
Web application security patterns including STRIDE threat modeling, OWASP Top 10 compliance, ABP authorization, and security audit procedures. Use when: (1) conducting security audits, (2) implementing authentication/authorization, (3) creating threat models, (4) reviewing code for vulnerabilities.
驗證工具組合。觸發詞:驗證, verify, check, 維度, dimension。
Use when working on NRPG Platform tasks to follow repo conventions (NextAuth cookie sessions, tenant safety, and contractor privacy) and to run the correct checks.
Google OAuth クライアント設定の手順を案内する。「OAuth 設定」「Google 認証の準備」「クライアント ID 作成」「認証手順を教えて」「Google ログイン準備」「OAuth セットアップ」「認証設定したい」などで起動。
Google OAuth 認証を実行する。「Google ログイン」「認証して」「ログインして」「Google 認証」「アカウント追加」などで起動。
Keycloak administration including realm management, client configuration, OAuth 2.0 setup, user management with custom attributes, role and group management, theme deployment, and token configuration. Activate for Keycloak Admin API operations, authentication setup, and identity provider configuration.
掃描程式碼和配置檔中的敏感資料洩漏,包括 API Keys、密碼、Token 等
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.
Apply when implementing authentication: sign up, sign in, OAuth providers, session management, and protected routes.
Configures 1Password CLI with direnv for fast, secure credential loading. Activates for: 1Password + direnv setup, slow secrets (>2 sec), .env.op files, op:// references, AWS credentials via env vars, --reveal flag issues, repeated biometric prompts, creating 1Password items programmatically, op item get errors. Not for: 1Password GUI usage, SSH keys (use 1Password SSH agent).
Use when implementing privacy manifests, requesting permissions, App Tracking Transparency UX, or preparing Privacy Nutrition Labels - covers just-in-time permission requests, tracking domain management, and Required Reason APIs from WWDC 2023
