Auth

attack-surface

by florianbuetow

This skill should be used when the user asks to "map attack surface", "list entry points", "inventory API endpoints", "find all inputs", "enumerate routes", "discover exposed endpoints", or "map external interfaces". Also triggers when the user asks about exposed APIs, form handlers, file upload endpoints, WebSocket handlers, CLI argument parsers, or wants to understand where external data enters the system.

headless-browser

by Takazudo

Browser automation skill with two efficiency tiers. Tier 1: lightweight headless-check.js for quick checks, screenshots, error detection. Tier 2: playwright-cli for interactions (click, fill, navigate). Use when: (1) Quick webpage health checks, (2) Taking screenshots, (3) Checking console/network errors, (4) Simple interactions like clicking buttons or filling forms, (5) Multi-step browser automation. Use MCP Playwright only for complex scenarios requiring persistent context or rich introspection.

access-control

by florianbuetow

This skill should be used when the user asks to "check for access control issues", "analyze authorization", "find IDOR vulnerabilities", "audit CORS configuration", "check for privilege escalation", or mentions "access control", "authorization", "IDOR", "CORS", "JWT tampering", or "directory traversal" in a security context. Maps to OWASP Top 10 2021 A01: Broken Access Control.

mermaid-diagrams

by el-feo

Comprehensive guide for creating software diagrams using Mermaid syntax. Use when users need to create, visualize, or document software through diagrams including class diagrams (domain modeling, object-oriented design), sequence diagrams (application flows, API interactions, code execution), flowcharts (processes, algorithms, user journeys), entity relationship diagrams (database schemas), C4 architecture diagrams (system context, containers, components), state diagrams, git graphs, pie charts, gantt charts, or any other diagram type. Triggers include requests to "diagram", "visualize", "model", "map out", "show the flow", or when explaining system architecture, database design, code structure, or user/application flows.

review-plan

by florianbuetow

This skill should be used when the user asks to "review plan for security", "check plan for security issues", "security review of implementation plan", "audit the plan for vulnerabilities", or "check my plan before coding". Also triggers when the user mentions security in the context of an implementation plan, architecture proposal, or design document before code has been written. This is the FLAGSHIP pre-code security skill -- no other tool reviews plans at design time.

discover-security

by rand

Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.

inertia-rails-auth

by cole-robertson

Implement authentication and authorization in Inertia Rails applications. Use when setting up login, sessions, permissions, and access control with Devise, has_secure_password, or other auth solutions.

pilotty

by msmps

Automates terminal TUI applications (vim, htop, lazygit, dialog) through managed PTY sessions. Use when the user needs to interact with terminal apps, edit files in vim/nano, navigate TUI menus, click terminal buttons/checkboxes, or automate CLI workflows with interactive prompts.

traceability-auditor

by nahisaho

Validates complete requirements traceability across EARS requirements → design → tasks → code → tests. Trigger terms: traceability, requirements coverage, coverage matrix, traceability matrix, requirement mapping, test coverage, EARS coverage, requirements tracking, traceability audit, gap detection, orphaned requirements, untested code, coverage validation, traceability analysis. Enforces Constitutional Article V (Traceability Mandate) with comprehensive validation: - Requirement → Design mapping (100% coverage) - Design → Task mapping - Task → Code implementation mapping - Code → Test mapping (100% coverage) - Gap detection (orphaned requirements, untested code) - Coverage percentage reporting - Traceability matrix generation Use when: user needs traceability validation, coverage analysis, gap detection, or requirements tracking across the full development lifecycle.

plan

by AIDotNet

分析用户需求，分解为可执行步骤，并生成结构化文档。当用户想要为软件开发任务创建详细实施计划时使用此技能。

jwt-decoder

by AIDotNet

解码、验证和生成JWT令牌，支持多种算法。

git-workflow

by AIDotNet

自动化Git操作，智能生成遵循Conventional Commits的提交信息、分支管理和PR描述生成。

Security Engineer Skill

by wasintoh

Next.js Security: https://nextjs.org/docs/app/building-your-application/configuring/security

premium-experience

by wasintoh

Premium app generation that creates WOW-factor experiences. Multi-page apps with smooth animations, zero TypeScript errors, and production-ready quality. Lovable-style experience: one prompt, complete app, instant delight. MUST be used alongside vibe-orchestrator for new projects.

cloud

by assistant-ui

Guide for assistant-cloud persistence and authorization. Use when setting up thread persistence, file uploads, or authentication.

llm-obsidian-wiki

by ignromanov

"Karpathy's LLM Wiki pattern, built for Claude Code. Long-term memory for Claude via Obsidian: captures URLs, PDFs, GitHub, YouTube and compiles them into a structured Obsidian vault with citations that grows smarter every session. Second brain, zettelkasten, and autonomous research assistant in one. Keywords: llm-wiki, obsidian-plugin, knowledge-base, compounding-knowledge, claude-code, pkm, llm-memory."

appwrite-dart

by appwrite

Appwrite Dart SDK skill. Use when building Flutter apps (mobile, web, desktop) or server-side Dart applications with Appwrite. Covers client-side auth (email, OAuth), database queries, file uploads with native file handling, real-time subscriptions, and server-side admin via API keys for user management, database administration, storage, and functions.

appwrite-dotnet

by appwrite

Appwrite .NET SDK skill. Use when building server-side C# or .NET applications with Appwrite, including ASP.NET and Blazor integrations. Covers user management, database/table CRUD, file storage, and functions via API keys.

appwrite-ruby

by appwrite

Appwrite Ruby SDK skill. Use when building server-side Ruby applications with Appwrite, including Rails and Sinatra integrations. Covers user management, database/table CRUD, file storage, and functions via API keys.

appwrite-kotlin

by appwrite

Appwrite Kotlin SDK skill. Use when building native Android apps or server-side Kotlin/JVM backends with Appwrite. Covers client-side auth (email, OAuth with Activity integration), database queries, file uploads, real-time subscriptions with coroutine support, and server-side admin via API keys for user management, database administration, storage, and functions.

appwrite-php

by appwrite

Appwrite PHP SDK skill. Use when building server-side PHP applications with Appwrite, including Laravel and Symfony integrations. Covers user management, database/table CRUD, file storage, and functions via API keys.

appwrite-python

by appwrite

Appwrite Python SDK skill. Use when building server-side Python applications with Appwrite, including Django, Flask, and FastAPI integrations. Covers user management, database/table CRUD, file storage, and functions via API keys.

session-analytics

by spences10

Query Claude Code session analytics from ccrecall database. Use when user asks about token usage, costs, session history, or wants to analyze their Claude Code usage patterns.

Account Abstraction

by omer-metin