reviewing-authentication-and-authorization-security
Use when reviewing authentication or authorization code. Provides comprehensive security guidance on JWT validation, token exchange, OAuth 2.0/2.1 compliance, PKCE, Resource Indicators, MCP authorization, session management, and API authentication. Covers critical vulnerabilities including token forwarding, audience validation, algorithm confusion, confused deputy attacks, and authentication bypass. Invoke when analyzing any authentication, authorization, or access control code changes.
scalekit-auth
Implement authentication with Scalekit for web applications, APIs, and MCP servers. Supports full-stack auth, modular SSO (SAML/OIDC), and MCP OAuth 2.1. Handles login, SSO, session management, token validation, and enterprise identity providers. Works with Node.js, Express, Next.js, Python, FastAPI, and MCP servers. Use when implementing authentication, adding SSO, securing APIs, or protecting MCP servers.
aws-sso-refresh
Automatically refresh AWS SSO authentication tokens when encountering expiration errors. Use when AWS MCP tools fail due to expired SSO sessions.
security-auditor
security-auditor skill. Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE. Use when: user requests involve security auditor tasks.
configuring-better-auth
Implement OAuth 2.1 / OIDC authentication using Better Auth with MCP assistance. Use when setting up a centralized auth server (SSO provider), implementing SSO clients in Next.js apps, configuring PKCE flows, or managing tokens with JWKS verification. Uses Better Auth MCP for guided setup. NOT when using simple session-only auth without OAuth/OIDC requirements.
security-reviewer
Security audit following OWASP Top 10 and best practices for web applications. Triggers: SEC, security, 安全, OWASP, 漏洞, vulnerability, audit, 稽核, 安全檢查, security check, CVE, 資安, penetration, pentest, 滲透, injection, XSS, CSRF, 認證, authentication, 授權, authorization, secrets, 敏感資料.
mcp-integration
Configure and manage MCP (Model Context Protocol) servers for AI agent tooling. Use when adding MCP servers, configuring authentication (OAuth 2.1 or API keys), managing opencode.json, implementing token flows, or troubleshooting MCP connections. Covers registry patterns, PKCE authentication, and the Result-based service architecture.
device-management
Manage device adoption and onboarding, maintain device inventory, and monitor device configurations across your UniFi Protect infrastructure.
pal-secaudit
Comprehensive security audit with OWASP Top 10 analysis, compliance evaluation, and threat modeling using PAL MCP. Use for security reviews, vulnerability assessment, or compliance checks. Triggers on security audit requests, vulnerability scanning, or compliance reviews.
building-mcp-servers
Use when building MCP servers in TypeScript, Python, or C#; when implementing tools, resources, or prompts; when configuring Streamable HTTP transport; when migrating from SSE; when adding OAuth authentication; when seeing MCP protocol errors
langfuse-dashboard
Automates Langfuse Cloud dashboard interactions using Playwright MCP. Captures screenshots for documentation, extracts metrics for monitoring, navigates trace details for investigation, and handles authentication. Use when documenting workflows, creating compliance screenshots, monitoring dashboard metrics, or investigating traces visually. MUST use Playwright MCP tools (mcp__playwright__*) for browser automation.
playwright-automation
Use when Codex must browse, interact with, or test web flows via the remote Playwright MCP server hosted on Glama.
tdd-workflow
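Enforces the TDD workflow and supports test-first development. Launches automatically when a new feature is being implemented and makes sure the Red-Green-Refactor cycle is carried out.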
playwright
Browser automation via Playwright MCP. Use for verification, browsing, web scraping, testing, screenshots, and all browser interactions.
generate-e2e-test
Generate an end-to-end test for a given feature or user story. Use when the user asks to create E2E tests, automate workflows, test user flows, or convert manual workflows into Playwright tests. Leverages Playwright MCP to perform the workflow interactively before generating test code.
e2e-playwright-diagnosis
Diagnose and resolve E2E test failures in Playwright. This skill should be used when E2E tests fail and need investigation, when Playwright test errors require root cause analysis, or when test failures need to be reproduced in the browser for debugging. Orchestrates MCP tools (Playwright, Chrome DevTools, Serena) and delegates code fixes to specialized agents.
playwright
Complete guide to using Playwright MCP server with Claude Code
oe-e2e-site-visit
End-to-end verification for the site-visit (Step 7) flow. Use when you need to reproduce or validate that the system reaches the site-visit prompt/options and can proceed to confirmation, either via deterministic backend-only traces (manual_ux_scenario_I/H) or via browser UI checks (Playwright/MCP).
test-coverage-boost
Increase test coverage from 0% to 80%+ in ANY project, ANY testing framework