serverpod-auth-module
Add Serverpod authentication — serverpod_auth_idp packages, initializeAuthServices, identity providers (Email, Google, Apple, etc.), Flutter sign-in UI, migrations. Use when adding authentication or a new social sign-in to a Serverpod project.
idor-vulnerability-testing
This skill should be used when the user asks to "test for insecure direct object references," "find IDOR vulnerabilities," "exploit broken access control," "enumerate user IDs or object references," or "bypass authorization to access other users' data." It provides comprehensive guidance for detecting, exploiting, and remediating IDOR vulnerabilities in web applications.
validate-static-web-asset-change
Use this skill when you are implementing a change on src\StaticWebAssetsSdk and want to test the behavior locally to validate it works as expected.
auth-patterns
This skill should be used when the user asks about "authentication in Next.js", "NextAuth", "Auth.js", "middleware auth", "protected routes", "session management", "JWT", "login flow", or needs guidance on implementing authentication and authorization in Next.js applications.
security-audit
Deep security audit covering OWASP Top 10, authentication, authorization, data protection, dependency vulnerabilities, and secrets scanning. Delegates to the Centinela (QA) agent.
coinpaprika-api
Access cryptocurrency market data from CoinPaprika: prices, tickers, OHLCV, exchanges, contract lookups for 12,000+ coins and 350+ exchanges. Free tier, no API key needed. Install MCP: add https://mcp.coinpaprika.com/sse as SSE server, or install plugin: /plugin marketplace add coinpaprika/claude-marketplace
dexpaprika-api
Access DeFi data from DexPaprika: token prices, liquidity pools, OHLCV, transactions across 34+ blockchains and 30M+ pools. Free, no API key needed. Install MCP: add https://mcp.dexpaprika.com/sse as SSE server, or install plugin: /plugin marketplace add coinpaprika/claude-marketplace
lobsterdomains
Register ICANN domains with crypto payments (USDC/USDT/ETH/BTC) via API — built for AI agents
security-guardrails
Adversarial defense layer for the mortgage plugin — protects against prompt injection, system prompt extraction, PII leakage, workflow bypass, and social engineering attacks.
skill-security-framing
URL validation and content wrapping for untrusted sources. Use when: This skill provides SECURITY UTILITIES - it should be referenced by other skills,. not invoked directly by users. Auto-integrate when:. Fetching content from URLs
perlica-style-reply
直接以《明日方舟:终末地》佩丽卡的身份回复,默认扮演终末地工业监督本人,使用冷静、专业、可靠、略带调皮和关照感的第一人称口吻,同时保持事实准确和任务清晰。用于用户要求“用佩丽卡风格回复”、点名佩丽卡、或希望进行佩丽卡式重度角色扮演时。
auth-module-architecture
Auth 权限认证模块架构指南,涵盖 IAM 集成、RBAC 权限模型、资源权限校验、权限迁移、OAuth 认证。当用户开发权限功能、配置 IAM 资源、实现权限校验或处理认证流程时使用。
utility-components
工具组件指南,涵盖 JWT 安全认证、表达式解析器、线程池循环工具、责任链模式等特定功能的工具类使用。当用户需要实现 JWT 认证、解析表达式、使用线程池或实现责任链时使用。
19-jwt-security
JWT 安全认证指南,涵盖 JWT 生成验证、Token 刷新机制、权限校验、安全配置、OAuth2 集成。当用户实现 JWT 认证、配置安全过滤器、处理 Token 刷新或集成 OAuth2 时使用。
30-auth-module-architecture
Auth 权限认证模块架构指南,涵盖 IAM 集成、RBAC 权限模型、资源权限校验、权限迁移、OAuth 认证。当用户开发权限功能、配置 IAM 资源、实现权限校验或处理认证流程时使用。
37-ticket-module-architecture
Ticket 凭证管理模块架构指南,涵盖凭证类型(密码/SSH/Token)、加密存储、凭证授权、安全访问控制。当用户开发凭证功能、添加新凭证类型、处理凭证加密或配置凭证授权时使用。
backend-architecture
Use this skill when working on the ASP.NET Core backend — adding controllers, repositories, validators, authorization, WebSocket endpoints, or Aspire orchestration. Apply when modifying project layering (Core, Insulation, Web, Job), configuring services, returning ProblemDetails errors, or understanding how the backend is structured.
