Auth
Authentication and authorization
frontend-async-best-practices
by sergiodxa
Async/await and Promise optimization guidelines. Use when writing, reviewing, or refactoring asynchronous code to eliminate waterfalls and maximize parallelism. Triggers on tasks involving data fetching, loaders, actions, or Promise handling.
auramaxx
by Aura-Industry
Securely store, retrieve, and share sensitive data with your human. Use when the user asks for credentials, API keys, credit cards, passwords, or any kind of secret that should not be exposed.
commit
by aviflombaum
This skill should be used when the user asks to "commit", "make a commit", "commit my changes", "create commits", "git commit", or wants to commit staged/unstaged changes with logical grouping and conventional commit format.
nist-compliance
by williamzujkowski
NIST 800-53r5 control implementation, tagging, evidence collection, and compliance automation for security frameworks
security-practices
by williamzujkowski
Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection
bitrix24-agent
by vrtalex
Design, implement, debug, and harden integrations between AI agents and Bitrix24 REST API (webhooks, OAuth 2.0, scopes, events, batch, limits, and REST 3.0). Use when asked to connect AI assistants/agents to Bitrix24, automate CRM/tasks/chats, process Bitrix24 events, choose an auth model, or resolve Bitrix24 API errors and performance issues.
E2E Testing Skill
by Svenja-dev
Dresden AI Insights - https://dresdenaiinsights.com
kaizen
by Svenja-dev
Manufacturing-focused continuous improvement skill for fabrikIQ. Implements Lean Manufacturing principles (5 Whys, Ishikawa, PDCA) for systematic problem solving and quality improvement. Activate for bug analysis, refactoring, code review, and production incidents.
gathering-requirements
by axiomantic
"Use when eliciting or clarifying feature requirements, defining scope, identifying constraints, or capturing user needs. Triggers: 'what are the requirements', 'define the requirements', 'scope this feature', 'user stories', 'acceptance criteria', 'what should this do', 'what problem are we solving', 'what are the constraints'. Also invoked by implementing-features during DISCOVER stage and by the Forged workflow."
fun-mode
by axiomantic
"Use when starting a session and wanting creative engagement, or when user says '/fun' or asks for a persona"
analyzing-skill-usage
by axiomantic
"Analyze session transcripts to extract skill invocation patterns, score invocations, and produce comparative metrics for skill improvement decisions."
non-repudiation-privacy
by florianbuetow
This skill should be used when the user asks to "check for non-repudiation privacy risks", "analyze excessive audit logging", "find privacy issues related to accountability", "check for forced identity linking", or mentions "non-repudiation" in a privacy context. Maps to LINDDUN category N. This is the INVERSE of STRIDE repudiation -- here too much proof is the threat.
learn
by florianbuetow
This skill should be used when the user asks to "learn about security", "teach me OWASP", "security tutorial", "learn threat modeling", or invokes /appsec:learn. Interactive guided walkthrough using your codebase as teaching material.
mermaid-creator
by Takazudo
ALWAYS use this skill proactively whenever generating, writing, or outputting Mermaid diagram code — whether in markdown code blocks, .md files, documentation, or any other context. This includes flowcharts, sequence diagrams, class diagrams, state diagrams, ER diagrams, gantt charts, pie charts, mindmaps, timelines, and all other Mermaid diagram types. Applies strict syntax rules to prevent common rendering errors (HTML tags, style directives, invalid escapes). No need for the user to explicitly request this skill — load it automatically whenever Mermaid syntax is being produced.
check-onboarding
by phrazzld
Audit onboarding: first-run, time to aha, friction points, empty states. Outputs structured findings. Use log-onboarding-issues to create issues. Invoke for: onboarding review, new user experience, activation audit.
pasta-threats
by florianbuetow
This skill should be used when the user asks to "analyze threats", "identify threat actors", "map attack vectors", "cross-reference MITRE ATT&CK", or is running PASTA stage 4. Also triggers when the user asks about adversary tactics, supply chain threats, or threat intelligence in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 4 of 7).
smart-commit
by devstefancho
Split uncommitted working tree changes into logical, ordered commits by analyzing Claude Code session history. Use when user asks to split commits, organize commits from session, auto-commit by feature, or says "커밋 나눠줘", "커밋 분리", "세션 기반 커밋".
secops-engineer
by olehsvyrydov
Senior Security Engineer with 12+ years application security experience. Use when implementing authentication/authorization, configuring JWT/OAuth2, conducting security reviews, implementing rate limiting, ensuring GDPR compliance, or performing security scanning.
session-reporter
by devstefancho
Generate HTML file to view work session. Use when user asks to view content as HTML (e.g., 'view as HTML', 'export to HTML', 'create HTML file', 'save as HTML').
pasta-vulns
by florianbuetow
This skill should be used when the user asks to "analyze vulnerabilities", "find security weaknesses", "map CWEs", "run vulnerability analysis", or is running PASTA stage 5. Also triggers when the user asks about SAST, DAST, dependency scanning, or CWE mapping in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 5 of 7).
api
by florianbuetow
This skill should be used when the user asks to "check API security", "audit REST API", "find BOLA vulnerabilities", "check for mass assignment", "analyze API rate limiting", "detect excessive data exposure", or mentions "API security", "BOLA", "IDOR", "mass assignment", "rate limiting", "broken function-level authorization", "excessive data exposure", or "OWASP API Top 10" in a security context.
graphql
by florianbuetow
This skill should be used when the user asks to "check GraphQL security", "analyze GraphQL endpoint", "find GraphQL vulnerabilities", "audit GraphQL schema", "check for introspection", "analyze query depth", or mentions "GraphQL", "introspection", "query depth limit", "query complexity", "GraphQL batching", "alias abuse", or "per-field authorization" in a security context.
auth
by florianbuetow
This skill should be used when the user asks to "check for authentication issues", "analyze auth", "find credential vulnerabilities", "review login security", "check session management", or mentions "authentication", "passwords", "MFA", "sessions", or "brute force" in a security context. Maps to OWASP Top 10 2021 A07: Identification and Authentication Failures.
pasta-decompose
by florianbuetow
This skill should be used when the user asks to "decompose the application", "map trust boundaries", "identify components and roles", "catalog permissions", or is running PASTA stage 3. Also triggers when the user asks about role-based access control mapping, data classification, or service-to-service trust in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 3 of 7).