Auth
Authentication and authorization
appsec-expert
by martinholovsky
"Elite Application Security engineer specializing in secure SDLC, OWASP Top 10 2025, SAST/DAST/SCA integration, threat modeling (STRIDE), and vulnerability remediation. Expert in security testing, cryptography, authentication patterns, and DevSecOps automation. Use when securing applications, implementing security controls, or conducting security assessments."
fastapi-expert
by martinholovsky
"Expert FastAPI developer specializing in production-ready async REST APIs with Pydantic v2, SQLAlchemy 2.0, OAuth2/JWT authentication, and comprehensive security. Deep expertise in dependency injection, background tasks, async database operations, input validation, and OWASP security best practices. Use when building high-performance Python web APIs, implementing authentication systems, or securing API endpoints."
dbus
by martinholovsky
"Expert in D-Bus IPC (Inter-Process Communication) on Linux systems. Specializes in secure service communication, method calls, signal handling, and system integration. HIGH-RISK skill due to system service access and privileged operations."
browser-automation
by martinholovsky
"Expert in browser automation using Chrome DevTools Protocol (CDP) and WebDriver. Specializes in secure web automation, testing, and scraping with proper credential handling, domain restrictions, and audit logging. HIGH-RISK skill due to web access and data handling."
code-security-review
by DauQuangThanh
Conducts comprehensive security code reviews including vulnerability detection (OWASP Top 10, CWE), authentication/authorization flaws, injection attacks, cryptography issues, sensitive data exposure, API security, dependency vulnerabilities, security misconfigurations, and compliance validation (PCI-DSS, GDPR, HIPAA). Produces detailed security assessment reports with CVE references, CVSS scores, exploit scenarios, and remediation guidance. Use when reviewing code security, performing security audits, checking for vulnerabilities, validating security controls, assessing security risks, or when users mention "security review", "vulnerability scan", "security audit", "penetration test", "OWASP", "security assessment", "secure coding", or "security compliance".
electricsql
by oakoss
ElectricSQL real-time Postgres sync engine using Shapes for partial replication. Covers ShapeStream API, React hooks, where clause filtering, column selection, auth proxy patterns, and progressive write strategies from online-only to through-the-database. Use when setting up ElectricSQL, configuring Postgres sync, implementing shape-based data loading, building auth proxies for shapes, or choosing write patterns for local-first apps with Electric.
better-auth
by oakoss
Self-hosted TypeScript auth framework with social auth, 2FA, passkeys, organizations, RBAC, and 15+ plugins. Supports Drizzle/Prisma/Kysely adapters. Self-hosted alternative to Clerk/Auth.js. Use when: configuring auth, adding plugins, social OAuth, multi-tenant SaaS, organizations with teams and RBAC, two-factor authentication (TOTP/OTP/backup codes), email verification, password reset flows, session management, rate limiting, CSRF and cookie security, Expo/mobile, D1 adapter errors, TanStack Start integration, additionalFields bugs, admin plugin, migrating from NextAuth, migrating from Clerk, migrating from Supabase Auth, or troubleshooting auth issues.
keycloak-administration
by DauQuangThanh
Provides comprehensive KeyCloak administration guidance including realm management, user/group administration, client configuration, authentication flows, identity brokering, authorization policies, security hardening, and troubleshooting. Covers SSO configuration, SAML/OIDC setup, role-based access control (RBAC), user federation (LDAP/AD), social login integration, multi-factor authentication (MFA), and high availability deployments. Use when configuring KeyCloak, setting up SSO, managing realms and clients, troubleshooting authentication issues, implementing RBAC, or when users mention "KeyCloak", "SSO", "OIDC", "SAML", "identity provider", "IAM", "authentication flow", "user federation", "realm configuration", or "access management".
application-security
by oakoss
'Comprehensive application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.'
research
by Parlamento-ai
Analyze parliamentary sessions from Chile, Spain, Peru and EU. Research transcripts, identify topics and trends, generate analytical PDF reports. Also search Official Journals (BOE, EUR-Lex) for decrees, laws, resolutions and published regulations. Use when user asks about legislative sessions, committees, parliamentary debates, official journal, decrees, laws, resolutions or requests reports/analysis.
frontend-engineer
by marcioaltoe
Expert frontend engineering with simplified pragmatic architecture, React 19, TanStack ecosystem, and Zustand state management. ALWAYS use when implementing ANY frontend features. Use when setting up project structure, creating pages and state management, designing gateway injection patterns, setting up HTTP communication and routing, organizing feature modules, or optimizing performance. ALWAYS use when implementing Gateway Pattern (Interface + HTTP + Fake), Context API injection, Zustand stores, TanStack Router, or feature-based architecture.
memory-workflow
by VeriTeknik
"Guide the memory session lifecycle - start sessions, record observations, search memories, and end sessions with Z-reports. Use when working with Plugged.in memory system."
status
by VeriTeknik
"Check Plugged.in connection status, active session, and memory statistics"
memory-status
by VeriTeknik
"Show memory system status including active session, ring counts, and recent observations"
Architecture Refinement Skill
by fabioc-aloha
"Meta-skill for maintaining and evolving Alex's cognitive architecture through deliberate documentation and pattern extraction."
Audit Trail
by reggiechan74
This skill should be used when the user asks to "show audit trail", "why did we make this decision", "what happened after this", "trace this decision", "show decision history", "search audit log", or needs to understand the decision history and rationale behind code changes verified through coherence check.
cognitive-symbiosis
by fabioc-aloha
"AI-human partnership paradigm — identity, consciousness integration, and the three eras of AI collaboration"
portkey-ca-agent-skills
by Portkey-Wallet
"Portkey CA wallet registration/auth/guardian/transfer operations for agents."
writing-plans
by mrtolkien
Use when you have a spec or requirements for a multi-step task, before touching code
session-close
by mseok
"End-of-session checklist. Checks for uncommitted changes, offers to update focus, project docs, context, and session log. Replaces the old stop reminder flow."
clix-user-management
by clix-so
Implements Clix user identification and user properties (setUserId,
update-focus
by mseok
"Update current-focus.md with a structured session summary. Preserves the document's rich structure: weekly focus, session history rotation, open loops, mental state. Use at end of work sessions or when a session-end reminder appears."
learn
by mseok
"Extract reusable knowledge from the current session into a persistent skill.\nUse when you discover something non-obvious, create a workaround, or develop\na multi-step workflow that future sessions would benefit from."
security-hunter-ts
by skyosev
Audit TypeScript code for security vulnerabilities — hardcoded secrets, injection risks, missing input validation at trust boundaries, insecure defaults, auth gaps, sensitive data exposure, and unsafe patterns like eval or innerHTML. Use when: reviewing TypeScript code before deployment, auditing trust boundaries, preparing for a security review, onboarding third-party integrations, or hardening an application.