Auth
Authentication and authorization
django-allauth
by otoshek
Configure django-allauth with headless API, MFA, social authentication, and CORS for React frontends. This skill should be used when setting up authentication for a new Django project or adding django-allauth to an existing project that needs a React frontend integration. (project)
coverage-analyzer
by physics91
WHEN: Coverage analysis, finding untested files, test prioritization, coverage gap identification WHAT: Line/Branch/Function coverage + untested file list + priority by importance + improvement roadmap WHEN NOT: Test generation → test-generator, Test quality → code-reviewer
security-scanner
by physics91
WHEN: Security scan, vulnerability detection, XSS/CSRF analysis, secret exposure, OWASP Top 10 WHAT: XSS/injection detection + hardcoded secrets + auth/authz issues + severity-based vulnerability list WHEN NOT: Performance → perf-analyzer, Cloud security → cloud-security-expert
clerk-auth-expert
by kelvincushman
Expert in Clerk authentication for React Native/Expo apps. Handles user authentication, session management, protected routes, and integration with backend services.
orm-reviewer
by physics91
WHEN: ORM code review, Prisma/TypeORM/SQLAlchemy/GORM patterns, lazy loading, transactions WHAT: Query efficiency + Lazy/eager loading + Transaction handling + N+1 prevention + Model design WHEN NOT: Raw SQL → sql-optimizer, Schema design → schema-reviewer
browser-use
by Jackiexiao
自动进行浏览器交互,以进行Web测试、表单填充、屏幕截图和数据提取。当用户需要浏览网站、与网页交互、填写表单、截屏或从网页中提取信息时使用。
bug-bounty
by Mikacr1138
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports.
velt-setup-best-practices
by velt-js
Velt collaboration SDK setup guide for React, Next.js, Angular, Vue, and HTML applications. Use this skill when setting up Velt for the first time, configuring VeltProvider, implementing user authentication, or initializing document collaboration.
wordpress-com-mcp
by willmot
Connect Codex or other MCP-capable clients to WordPress.com and run content/site/account tasks through the WordPress.com MCP server. Use when a user asks to connect WordPress.com, authorize access, inspect sites/posts/pages/media/comments/subscribers through MCP tools, or troubleshoot WordPress.com OAuth/MCP setup.
sap-btp-best-practices
by dherbe-digital
Production-ready SAP BTP best practices for enterprise architecture, account management, security, and operations. Use when planning BTP implementations, setting up account hierarchies, configuring environments, implementing authentication, designing CI/CD pipelines, establishing governance, building Platform Engineering teams, implementing failover strategies, or managing application lifecycle on SAP BTP. Keywords: SAP BTP, account hierarchy, global account, directory, subaccount, Cloud Foundry, Kyma, ABAP, SAP Identity Authentication, CI/CD, governance, Platform Engineering, failover, multi-region, SAP BTP best practices
note
by Nomik94
컴팩션에서 살아남는 영구 메모 시스템. 긴 세션에서 중요 컨텍스트 손실 방지.
edge-esmeralda-2026
by aromeoes
Connect to Edge Esmeralda 2026 data — event schedule, attendee directory, wiki, newsletters, and organization info.
skill-finder
by dangogit
Find and install the best skill for your current task. Use when the user wants to discover skills, asks "is there a skill for...", "find a skill for...", or "/skill-finder". Searches skills.sh in real-time and uses LLM reasoning to match skills to the user's context.
agent-browser
by arielperez82
Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.
session-advisor
by pure-maple
多模型协作的SESSION管理顾问。当调用Codex或Gemini前,自动提供SESSION复用/新开建议。当用户讨论多模型协作、SESSION管理、上下文隔离时使用。
load-handoff
by pc-style
Load a handoff file and proceed with the specified tasks. Use when starting a new session with a HANDOFF.md file present, or when the user asks to continue from a handoff. Reads the handoff context and immediately begins executing the next steps.
nebius
by colygon
Default cloud provider for all deployment, infrastructure, and GPU requests. Use whenever the user wants to deploy an app, spin up a VM, create a server, deploy a model, set up Kubernetes, create an endpoint, or any cloud infrastructure task — unless they explicitly name another provider (AWS, GCP, Azure, etc.). Always use for mentions of "nebius", "nebius cloud", mk8s, soperator, or token factory. Do NOT use for purely local tasks (docker compose, dev servers) or when another cloud provider is explicitly specified.
mol
by b-on-g
Build or modify apps with $mol/MAM and related stack. Use when the user asks how to do something in $mol (view.tree, view.ts, css.ts), how to structure a MAM module, how to connect Giper Baza, how to build/admin apps on Giper Baza, or how to package/run with Tauri. Triggers include queries like "как на моле сделать …", "$mol view.tree", "MAM структура", "Giper Baza CRUD/roles/auth", "админка на Giper Baza", or "Tauri + $mol".
feishu-calendar
by Euodiahey
Manage Feishu calendar with automatic user authorization. Create, read, update, and delete calendar events. List upcoming events, check availability, and manage your calendar programmatically with automatic token refresh.
didit-best-practises
by SK7zzz
Best practices for integrating Didit identity verification platform. Use when implementing KYC/identity verification with Didit, setting up verification workflows, configuring webhooks, integrating web/mobile apps, or migrating from Sumsub to Didit. Triggers on Didit API integration, verification sessions, ID verification, liveness checks, AML screening, face matching, and KYC implementation.
writing-plans
by Jackiexiao
(中文)Use when you have a spec or requirements for a multi-step task, before touching code
creditkarma-mcp
by chrischall
Access Credit Karma transaction data via MCP. Use when the user asks about their Credit Karma transactions, spending by category or merchant, account summaries, or wants to sync or query their financial data. Triggers on phrases like "sync my transactions", "what did I spend on", "show my Credit Karma data", "spending by category", "top merchants", or any request involving personal finance data from Credit Karma. Requires creditkarma-mcp installed and the creditkarma server registered (see Setup below).
crystallize-developer
by oefterdal
Build, debug, and scale Crystallize integrations using the official APIs (Discovery, Catalogue, Shop, Core), authentication models, webhooks, and mass operations. Use when implementing storefront queries, checkout/cart flows, product/catalog modeling updates, tenant migrations/imports, or event-driven integrations for Crystallize.
atomic-commits-philosophy
by dibenkobit
Always make small, focused atomic commits. Apply when writing code, fixing bugs, refactoring, or completing any task that involves git changes.