Implement database-backed session management with cookie handling, audit trails, and multiple device support. Use when building authentication systems that need session tracking, device management, or security audit capabilities.
Use when need to bypass Cloudflare protection, scrape websites with anti-bot measures, render JavaScript pages, or simulate real browser behavior for web scraping
Set a secret. Requires authentication. Use for Agentuity cloud platform operations
This skill should be used when the user asks about "gosec", "G115", "G404", "integer overflow", "weak random", "crypto/rand", "security lint", "hardcoded credentials", or needs guidance on fixing Go security vulnerabilities. Provides patterns for common security anti-patterns.
Security pattern for systems that manage cryptographic keys themselves rather than delegating to an external service. Use when the application must store, retrieve, and manage cryptographic keys directly. Implementation of Cryptographic Key Management pattern. Covers key storage security, key derivation from passwords, limiting key exposure, and protecting key confidentiality and integrity throughout the lifecycle.
Validates Slack configuration and credentials. Checks if config exists, credentials are present, and authentication is working. Used internally by other Slack skills.
DEPRECATED umbrella Skill (backward compatibility). Use only for cross-cutting security reviews spanning remote content + XSS/sanitization + store compliance. Prefer focused openwebf-security-* Skills.
Display the API key for the currently authenticated user. Requires authentication. Use for managing authentication credentials
Review and mitigate XSS risks in WebF apps (sanitize HTML, validate input, avoid unsafe string rendering). Use when the user mentions XSS, sanitize HTML, innerHTML-like rendering, user-generated HTML, or “untrusted input”.
Write and validate Firestore Security Rules following the project's multi-tenancy Blueprint pattern. Use this skill when implementing collection-level security, Blueprint membership validation, role-based permissions, and data access controls. Ensures rules validate BlueprintMember status, check permissions array, enforce data isolation, and integrate with the three-layer architecture where Security Rules are the first line of defense.
セキュリティ専門家。脆弱性診断、脅威モデリング、セキュリティベストプラクティス適用を支援。使用場面: (1) セキュリティ脆弱性診断、(2) 脅威モデリング、(3) 認証・認可の設計レビュー、(4) データ保護の検証、(5) セキュリティ監査。トリガー: "security-analyst", "セキュリティ", "脆弱性", "脅威", "/security-analyst"
Run security scan on skills or directories to detect API keys, tokens, passwords, personal paths, and other sensitive data. Use before pushing skills or committing code.
סיוע באבטחת אפליקציות ווב ו-APIs. השתמש כשמבקשים לאבטח פרויקט, לבדוק חולשות, להגדיר הרשאות, לנהל API keys, או להגן על נתונים. מותאם ל-Vibe Coders שעובדים עם Supabase, FastAPI, ו-Claude Code. מסביר מושגי אבטחה בשפה פשוטה עם צ'קליסטים מעשיים.
Get a value from the keyvalue storage. Requires authentication. Use for Agentuity cloud platform operations
Implement an RFC-compliant OAuth 2.1 authorization server in Rails applications. Use when building apps that need to authorize third-party clients (like MCP clients, API consumers, or external integrations) using industry-standard OAuth flows with PKCE, dynamic client registration, and token management.
Эксперт по санитизации ввода. Используй для XSS prevention, encoding, validation и security headers.
Validate AgentConfig definitions for the Agent Framework. Use when creating or modifying agent configurations to ensure correct structure, valid tool references, and proper sub-agent composition. Validates TypeScript interfaces and Python Pydantic models.
security-auditor skill Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE Use when: User requests involve security auditor tasks.
Auth system (Clerk + Convex + anonymous JWT) guidelines and planned permissions/upgrade behavior.
Implement authentication using better-auth library in web applications. Use this skill when users need to add signup, signin, signout, session management, or user profile features. Triggers on requests for authentication, login systems, user registration, OAuth integration, or protecting routes with auth.
