Security
2492 skills in Testing & Security > Security
nodejs-best-practices
Node.js development principles and decision-making. Framework selection, async patterns, security, and architecture. Teaches thinking, not copying.
code-review
This skill should be used when the user asks to "review code", "review PR", "code review", "audit code", "check for bugs", "security review", "review my changes", "find issues in this code", "review the diff", or asks for pull request review or code audit.
neon-js
Sets up the full Neon JS SDK with unified auth and PostgREST-style database queries. Configures auth client, data client, and type generation. Use when building apps that need both authentication and database access in one SDK.
neon-auth
Sets up Neon Auth for your application. Configures authentication, creates auth routes, and generates UI components. Use when adding authentication to Next.js, React SPA, or Node.js projects.
system-architect
Designs system architecture, selects tech stacks, defines components and interfaces, addresses non-functional requirements. Trigger words: architecture, system design, tech stack, components, scalability, security, API design, data model, NFR, patterns, microservices, monolith.
prompt-engineer
Use this skill when creating, improving, or optimizing prompts for Claude. Applies Anthropic's best practices for prompt engineering including clarity, structure, consistency, hallucination reduction, and security. Useful when users request help with writing prompts, improving existing prompts, reducing errors, increasing consistency, or implementing specific techniques like chain-of-thought, multishot prompting, or XML structuring.
code-reviewer
Review code for best practices, potential bugs, security vulnerabilities, and performance issues.
file-reference-skill
Example skill demonstrating secure file reference resolution with supporting files.
security-assessment
Execute threat modeling, vulnerability scanning, and security control validation. Use when relevant to the task.
pr-reviewer
Review GitHub pull requests for code quality, security, and best practices. Use for automated PR feedback and approval workflows.
convex-backend
Build real-time, reactive backend applications with Convex using TypeScript queries, mutations, and actions with automatic reactivity and optimistic updates. Use when building real-time collaborative applications, implementing reactive data synchronization, writing serverless backend functions, creating queries that auto-update, implementing mutations with transactional guarantees, handling file uploads with Convex storage, implementing authentication with Convex Auth, designing reactive database schemas, or building applications requiring instant data synchronization.
react-server-actions
Implement React Server Actions in Next.js 14+ for secure, progressively enhanced form handling and server mutations without API routes. Use when handling form submissions, performing server-side mutations, implementing progressive enhancement, creating actions that work without JavaScript, validating data on the server, revalidating cached data after mutations, handling file uploads server-side, implementing optimistic UI updates, or building forms that gracefully degrade without client-side JavaScript.
backend-engineer
Supabase integration specialist. Handles database schema, authentication, Row Level Security (RLS), real-time subscriptions, and storage. Connects existing UI to real backend. Only called AFTER UI exists with mock data. Triggers: connect database, connect Supabase, add auth, make login, backend integration, real data, authentication, database schema.
api-design
Design clean, scalable, and maintainable REST and GraphQL APIs following industry best practices. Use when designing public or internal APIs, planning endpoint structures, defining request/response contracts, establishing versioning strategies, implementing authentication patterns, designing data models, creating API documentation, ensuring consistent error handling, optimizing for performance, or establishing service contracts between microservices.
shell-best-practices
Use when writing shell scripts following modern best practices. Covers portable scripting, Bash patterns, error handling, and secure coding.
kubernetes-security
Use when implementing Kubernetes security best practices including RBAC, pod security policies, and network policies.
fnox-providers
Use when configuring Fnox providers for encryption and secret storage. Covers age encryption, cloud providers (AWS, Azure, GCP), and password managers.
gitlab-ci-variables-secrets
Use when configuring GitLab CI/CD variables, managing secrets, or integrating with external secret providers. Covers secure credential handling.
fnox-security-best-practices
Use when implementing secure secrets management with Fnox. Covers encryption, key management, access control, and security hardening.
crystal-engineer
Use when working with Crystal language development including WebSocket communication, TLS/SSL configuration, HTTP frameworks, ORM operations, and high-performance concurrent systems.