Auth
Authentication and authorization
refine
by tkersey
Refine an existing Codex skill via $ms with minimal diffs, then validate with quick_validate. Trigger when asked to improve a skill's trigger description/frontmatter, workflow text, metadata, scripts/references/assets, or agents/openai.yaml; also for requests to iterate, refactor, rename, or fix a skill using usage/session-mining evidence (for example from $seq).
security-review
by mcouthon
"Security-focused code review with attack surface mapping and risk classification. Use when reviewing PRs for security, auditing code changes, or analyzing potential vulnerabilities. Triggers on: 'security review', 'use security mode', 'audit this', 'check for vulnerabilities', 'is this secure', 'attack surface', 'threat model', 'security check'. Read-only mode - identifies issues but doesn't fix them."
mentor
by mcouthon
"Guide through problems with questions, not answers using Socratic teaching style. Use when asked to teach, explain concepts through discovery, help learn, or guide understanding without giving direct solutions. Triggers on: 'use mentor mode', 'teach me', 'help me understand', 'guide me', 'mentor', 'I want to learn', 'explain by asking', 'Socratic', 'don't give me the answer'. Read-only mode - explores and guides but doesn't write code."
security-review
by mcouthon
"Security-focused code review with attack surface mapping and risk classification. Use when reviewing PRs for security, auditing code changes, or analyzing potential vulnerabilities. Triggers on: 'security review', 'use security mode', 'audit this', 'check for vulnerabilities', 'is this secure', 'attack surface', 'threat model', 'security check'. Read-only mode - identifies issues but doesn't fix them."
rrr
by Soul-Brews-Studio
Create session retrospective with AI diary and lessons learned. Use when user says "rrr", "retrospective", "wrap up session", "session summary", or at end of work session.
analyzing-code-security
by bitwarden
This skill should be used when the user asks to "analyze code for security issues", "check for OWASP vulnerabilities", "review code against CWE Top 25", "find injection vulnerabilities", "do a security code review", or needs manual security analysis against OWASP Top 10, API Top 10, Mobile Top 10, or CWE/SANS frameworks.
mcp-patterns
by yonatangross
MCP server building, advanced patterns, and security hardening. Use when building MCP servers, implementing tool handlers, adding authentication, creating interactive UIs, hardening MCP security, or debugging MCP integrations.
security-react
by TheBeardedBearSAS
React Security. Use when reviewing security, implementing auth, or hardening code.
agent-sdk-development
by melodic-software
Central authority for Claude Agent SDK (TypeScript and Python SDKs). Covers SDK installation, authentication (Anthropic key, Bedrock, Vertex), sessions and resumption, forking sessions, streaming vs single mode, custom tools, permissions (allowedTools, disallowedTools, permissionMode), MCP integration, system prompts (CLAUDE.md, appendSystemPrompt, outputStyle), cost tracking, todo tracking, structured outputs, hosting patterns, plugins, and SDK branding guidelines. Assists with building custom agents, configuring SDK options, and troubleshooting SDK issues. Delegates 100% to docs-management skill for official documentation.
workos-authkit-react-router
by workos
Integrate WorkOS AuthKit with React Router applications. Supports v6 and v7 (Framework, Data, Declarative modes). Use when project uses react-router, react-router-dom, or mentions React Router authentication.
workos-dotnet
by workos
Integrate WorkOS AuthKit with .NET (ASP.NET Core). Backend authentication with DI registration, auth endpoints, and appsettings configuration.
pm-git-file-tracking
by bobmatnyc
Protocol for tracking files immediately after agent creation
MPM Tool Usage Guide
by bobmatnyc
Claiming deployment works without web-qa evidence = Circuit Breaker #3 violation (Unverified Assertions)
mpm-session-pause
by bobmatnyc
Pause session and save current work state for later resume
configure
by m1heng
Set up the WeChat channel — scan QR code to login, check channel status. Use when the user asks to configure WeChat, login, or check channel status.
reviewing-security-architecture
by bitwarden
This skill should be used when the user asks to "review the security architecture", "check authentication patterns", "evaluate trust boundaries", "review encryption implementation", "assess authorization design", or needs to evaluate system designs for authentication, authorization, data protection, or cryptographic correctness.
python-development
by skillcreatorai
Modern Python development with Python 3.12+, Django, FastAPI, async patterns, and production best practices. Use for Python projects, APIs, data processing, or automation scripts.
agent-browser
by m1heng
Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.
feishu-e2e-test
by m1heng
Local E2E debug and test framework for clawd-feishu plugin development. Use when debugging message flow, testing bot responses, verifying Feishu web UI interactions, or performing end-to-end validation of the OpenClaw-Feishu integration during development.
facilitation-patterns
by lyndonkl
Use when running meetings, workshops, brainstorms, design sprints, retrospectives, or team decision-making sessions. Apply when need structured group discussion, managing diverse stakeholder input, ensuring equal participation, handling conflict or groupthink, or when user mentions facilitation, workshop design, meeting patterns, session planning, or running effective collaborative sessions.
ffuf-web-fuzzing
by trailofbits
Expert guidance for ffuf web fuzzing during authorized penetration testing. Covers directory discovery, subdomain enumeration, parameter fuzzing, authenticated fuzzing with raw requests, auto-calibration, and result analysis. Use when running ffuf scans, analyzing ffuf output, or building fuzzing strategies for web targets.
openai-gh-address-comments
by trailofbits
Help address review/issue comments on the open GitHub PR for the current branch using gh
notebooklm
by PleasePrompto
Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automation, library management, persistent auth. Drastically reduced hallucinations through document-only responses.
better-auth
by Microck
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.