Security

Complete organization onboarding wizard for LimaCharlie. Discovers local cloud CLIs (GCP, AWS, Azure, DigitalOcean), surveys cloud projects, identifies VMs for EDR installation and security-relevant log sources (IAM, audit logs, network logs). Guides EDR deployment via OS Config (GCP), SSM (AWS), VM Run Command (Azure). Creates cloud adapters for log ingestion. Confirms sensor connectivity and data flow. Use when setting up new tenants, connecting cloud infrastructure, deploying EDR fleet-wide, or onboarding hybrid environments.

This skill builds complete authentication flows (JWT, OAuth, session-based) with security best practices.Supports Python (FastAPI, Flask), Node.js/Bun (Hono, Express), and includes registration, login, logout, refresh tokens, password reset.Implements bcrypt/argon2 hashing, JWT signing/verification, session management, CSRF protection, rate limiting.Activate when user says "add authentication", "build login", "JWT auth", "OAuth integration", or needs secure auth.Output: Complete auth system with endpoints, middleware, security, tests, and documentation.

Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incident response, or security gates for apps handling PII/PHI/financial data.

Manage project dependencies effectively. Use when adding, updating, or auditing dependencies. Covers version management, security scanning, and lockfiles.

List deployments. Requires authentication. Use for Agentuity cloud platform operations

Set an environment variable. Requires authentication. Use for Agentuity cloud platform operations

Generate secure passwords and passphrases with customizable rules. Check password strength, generate bulk passwords, and create memorable passphrases.

Multi-stage builds, security, optimization

Generate TOTP codes for 2FA authentication. Essential for my survival!

Next.js 16 patterns for App Router, Server/Client Components, proxy.ts authentication, data fetching, caching, and React Server Components. Use when building Next.js applications with modern patterns.

Send messages to Slack using Incoming Webhooks. Simple one-way messaging to a specific channel without OAuth setup.

Production-ready Auth.js v5 setup for Next.js and Cloudflare Workers. Use when: setting up authentication, implementing OAuth/credentials/magic links, configuring D1 or PostgreSQL adapters, debugging session issues, migrating from v4 to v5, fixing edge compatibility, troubleshooting JWT/database sessions, resolving AUTH_SECRET errors, fixing CallbackRouteError, or implementing RBAC. Covers: Next.js App Router & Pages Router, Cloudflare Workers + D1, OAuth providers (GitHub, Google, etc.), credentials auth, magic links, JWT vs database sessions, middleware patterns, role-based access control, token refresh, edge runtime compatibility, and common error prevention. Keywords: Auth.js, NextAuth.js, authentication, OAuth, credentials, magic links, D1 adapter, Cloudflare Workers, Next.js middleware, JWT session, database session, refresh tokens, RBAC, edge compatibility, AUTH_SECRET, CallbackRouteError, CredentialsSignin, JWEDecryptionFailed, session not updating, route protection

Diagnoses and resolves MCP server registration failures, GPU detection, BigQuery authentication, index build failures, import errors, search quality issues, and performance problems.

Security configuration for Bazzite. LUKS disk encryption with TPM auto-unlock, secure boot key management, and sudo password feedback. Use when users need to configure security features.

Systematic code review guidance and automation. Apply TRUST 5 principles, check code quality, validate SOLID principles, identify security issues, and ensure maintainability. Use when conducting code reviews, setting review standards, or implementing review automation.

JupyterLab ML/AI development environment management via Podman Quadlet. Supports multi-instance deployment, GPU acceleration (NVIDIA/AMD/Intel), token authentication, and per-instance configuration. Use when users need to configure, start, stop, or manage JupyterLab containers for ML development.

Provides guidance and utilities for securely accessing the Financeiro RATC production server via SSH. Use this when you need to connect to the production server, run commands, check logs, manage services, troubleshoot issues, or work with the Next.js application.

Orchestrate workflows across multiple AI models (Perplexity, GPT, Grok, Claude, Gemini) for comprehensive security research, competition execution, and strategic analysis using GUI interfaces or API automation

Firebase integration patterns for CJS2026 - Cloud Functions, Firestore operations, security rules, and authentication flows

This skill provides comprehensive WordPress development expertise including self-hosted setup with Docker and Nginx, theme development (block and classic), plugin development with security best practices, performance optimization, and security hardening. Use this skill when setting up WordPress environments, developing themes or plugins, optimizing page load times, or implementing security measures. Triggers on requests involving WordPress, WP-CLI, WordPress hooks and filters, theme customization, plugin creation, or WordPress security and performance.