Security
2492 skills in Testing & Security > Security
automating-database-backups
This skill automates database backups using the database-backup-automator plugin. It creates scripts for scheduled backups, compression, encryption, and restore procedures across PostgreSQL, MySQL, MongoDB, and SQLite. Use this when the user requests database backup automation, disaster recovery planning, setting up backup schedules, or creating restore procedures. The skill is triggered by phrases like "create database backup", "automate database backups", "setup backup schedule", or "generate restore procedure".
scanning-for-secrets
This skill helps you scan your codebase for exposed secrets and credentials. It uses pattern matching and entropy analysis to identify potential security vulnerabilities such as API keys, passwords, and private keys. Use this skill when you want to proactively identify and remediate exposed secrets before they are committed to version control or deployed to production. It is triggered by phrases like "scan for secrets", "check for exposed credentials", "find API keys", or "run secret scanner".
nextauth-patterns
A skill specializing in NextAuth.js v5 configuration and customization patterns. It provides OAuth 2.0 provider integration, database adapters, session strategies, callback implementation, and type-safe session management. Anchors: • Web Application Security (Andrew Hoffman) / Applies to: OAuth threat modeling and session security / Purpose: secure authentication flow design • NextAuth.js v5 Official Docs / Applies to: provider configuration and callbacks / Purpose: standards-compliant implementation Trigger: Use when implementing NextAuth.js authentication, configuring OAuth providers (Google, GitHub), integrating database adapters (Drizzle), designing session strategies (JWT or database-backed), customizing authentication callbacks, or adding role-based data to sessions. Keywords: nextauth, oauth, authentication, session, jwt, drizzle adapter, google oauth, github oauth
performing-security-audits
This skill allows Claude to conduct comprehensive security audits of code, infrastructure, and configurations. It leverages various tools within the security-pro-pack plugin, including vulnerability scanning, compliance checking, cryptography review, and infrastructure security analysis. Use this skill when a user requests a "security audit," "vulnerability assessment," "compliance review," or any task involving identifying and mitigating security risks. It helps to ensure code and systems adhere to security best practices and compliance standards.
scanning-database-security
This skill enables Claude to perform comprehensive database security scans using the database-security-scanner plugin. It is triggered when the user requests a security assessment of a database, including identifying vulnerabilities like weak passwords, SQL injection risks, and insecure configurations. The skill leverages OWASP guidelines to ensure thorough coverage and provides remediation suggestions. Use this skill when the user asks to "scan database security", "check database for vulnerabilities", "perform OWASP compliance check on database", or "assess database security posture". The plugin supports PostgreSQL and MySQL.
encrypting-and-decrypting-data
This skill enables Claude to encrypt and decrypt data using various algorithms provided by the encryption-tool plugin. It should be used when the user requests to "encrypt data", "decrypt a file", "generate an encrypted file", or needs to secure sensitive information. This skill supports various encryption methods and ensures data confidentiality. It is triggered by requests related to data encryption, decryption, or general data security needs.
generating-compliance-reports
This skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies.
managing-ssltls-certificates
This skill enables Claude to manage and monitor SSL/TLS certificates using the ssl-certificate-manager plugin. It is activated when the user requests actions related to SSL certificates, such as checking certificate expiry, renewing certificates, or listing installed certificates. Use this skill when the user mentions "SSL certificate", "TLS certificate", "certificate expiry", "renew certificate", or similar phrases related to SSL/TLS certificate management. The plugin can list, check, and renew certificates, providing vital information for maintaining secure connections.
cryptographic-practices
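A skill for safely implementing encryption, hashing, CSPRNG use, and key management. It provides an end-to-end flow from requirements gathering through design, implementation, and audit. Anchors: • Applied Cryptography / Applies to: algorithm selection and strength assessment / Purpose: a solid, standards-compliant foundation • Web Application Security / Applies to: threat modeling / Purpose: clarifying implementation risks • NIST SP 800-57 / Applies to: key management / Purpose: lifecycle design Trigger: Use when implementing cryptographic functions, selecting algorithms, generating secure random values, managing encryption keys, or auditing crypto implementations. Keywords: cryptographic practices, crypto implementation, key management, csprng, algorithm selection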
quality-engineering
Domain specialist for code quality assessment, maintainability, complexity analysis, code smells detection, anti-patterns identification, and code style enforcement. Scope: code review methodologies, naming conventions, coding standards, technical debt management. Excludes: database design, API design, infrastructure, performance, security, deployment/CI/CD. Triggers: "quality", "code quality", "code health", "smell", "code smell", "anti-pattern", "complexity", "cyclomatic complexity", "maintainability", "naming", "naming convention", "style", "code style", "linting", "technical debt", "debt", "refactoring", "refactor", "review", "code review".
managing-network-policies
This skill enables Claude to manage Kubernetes network policies and firewall rules. It allows Claude to generate configurations and setup code based on specific requirements and infrastructure. Use this skill when the user requests to create, modify, or analyze network policies for Kubernetes, or when the user mentions "network-policy", "firewall rules", or "Kubernetes security". This skill is useful for implementing best practices and production-ready configurations for network security in a Kubernetes environment.
command-security-design
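A skill that organizes command security design (allowed-tools restrictions, disable-model-invocation, protection of sensitive information) and supports safe execution flows and permission control. It consistently organizes security requirements, verification procedures, and template operation. Anchors: • Web Application Security (Andrew Hoffman) / Applies to: threat modeling / Purpose: secure design guidelines • OWASP Top 10 / Applies to: organizing common threats / Purpose: risk assessment criteria Trigger: Use when designing secure command execution, restricting tools, or preventing unsafe automated operations. Keywords: command security, allowed-tools, disable-model-invocation, secret protection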
turborepo-workflow
Expert guidance on Turborepo build orchestration and remote caching workflow. Use this skill when running build commands, troubleshooting caching issues, working with monorepo task execution, or investigating CI/CD pipeline problems. Covers the critical pattern of always using root-level pnpm scripts, understanding the turbo-wrapper.js authentication system, filter syntax for targeting packages, and remote cache configuration.
analyzing-dependencies
This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps identify potential risks in your project's dependencies using the dependency-checker plugin. Use this skill when you need to check dependencies for vulnerabilities, identify outdated packages that need updates, or ensure license compatibility. Trigger phrases include "check dependencies", "dependency check", "find vulnerabilities", "scan for outdated packages", "/depcheck", and "license compliance". This skill supports npm, pip, composer, gem, and go modules projects.
auth
Authentication and authorization patterns including OAuth2, JWT, RBAC/ABAC, session management, API keys, password hashing, and MFA. Use when implementing login, access control, identity management, tokens, permissions, or security features.
secrets-env-manager
Validates environment variables in CI, prevents secret leaks, enforces masking, and provides fail-fast validation with clear documentation. Use for "secrets management", "env var validation", "credential security", or "secret masking".
managing-container-registries
This skill enables Claude to manage container registries, including ECR, GCR, and Harbor. It should be used when the user needs to create, configure, or manage container image registries. It helps generate production-ready configurations, implement best practices, and ensure a security-first approach. Use this skill when the user mentions terms like "container registry," "ECR," "GCR," "Harbor," "image repository," or requests assistance with managing container images. It's also helpful for generating configuration code for DevOps pipelines related to container registries.
mcp-fortress
Scan MCP servers for security vulnerabilities, prompt injection attacks, and tool poisoning. Use this when the user wants to check if an MCP server is safe, analyze security risks, detect malicious tools, or verify MCP package integrity before installation.