Security
2492 skills in Testing & Security > Security
tasks
Manage Google Tasks with full CRUD operations via Ruby scripts. This skill should be used when working with Google Tasks - creating, reading, updating, deleting, and organizing tasks and task lists. Supports task completion, subtask creation, task ordering, and integration with other Google skills through shared OAuth authentication.
django
Django framework best practices including project structure, ORM, and security.
export-logic-app
Export Azure Logic App workflows to the local project. Checks Azure CLI authentication, confirms subscription, and exports workflow definitions, connections, and configuration for a specified Logic App.
clerk
Implements authentication with Clerk including user management, protected routes, middleware, and React components. Use when adding authentication, managing users, protecting routes, or implementing sign-in/sign-up flows.
mastering-aws-cli
AWS CLI v2 quick-reference for experienced developers. Covers compute (Lambda, ECS, EKS), storage (S3, DynamoDB, Aurora), networking (VPC, SSM tunneling), security (IAM, Secrets Manager), and GitHub Actions CI/CD. Use when asked to "write aws commands", "debug aws access", "set up cross-account roles", "configure aws cli", "assume role", "S3 bucket operations", or "deploy to ECS".
error-handling-reviewer
Review test cases for OAuth/OIDC error handling. Covers authorization endpoint errors, token endpoint errors, error response formats, HTTP status codes, and all error codes per OAuth 2.1 and OIDC Core 1.0.
multi-system-sso-authentication
Implement enterprise Single Sign-On (SSO) authentication supporting multiple identity providers with JWT RS256 tokens, backwards verification, session management, and cross-system permission mapping. Use this skill when building authentication systems that integrate with multiple enterprise SSO providers or when implementing secure token validation with session verification.
firebase-deployer
Deploy Firebase Firestore security rules and indexes automatically. Use when Firestore query errors mention "requires an index", when firestore.rules or firestore.indexes.json are modified, or when user requests Firebase deployment.
Backend Queries
Write efficient and secure database queries following best practices for SQL injection prevention, N+1 query optimization, and performance for PostgreSQL (Bun.sql, Prisma, Supabase) and Firestore. Use this skill when writing or modifying database queries, implementing data fetching logic, working with ORMs (Prisma, TypeORM, Entity Framework), using Bun.sql native driver, querying Firestore collections, or implementing caching strategies. Apply when working on service files (services/*.ts, repositories/*.ts, *Service.cs), query builder implementations, data access layers, or any code that fetches or manipulates data. This skill ensures parameterized queries to prevent SQL injection (never interpolate user input), eager loading to prevent N+1 problems, selective column fetching (no SELECT *), strategic indexing on WHERE/JOIN/ORDER BY columns, transactions for related operations, query timeouts for performance, caching expensive queries, prepared statements with Bun.sql for repeated queries, and query-driven modeling for Firestore to avoid complex OR queries.
security-guidelines
Use when auditing Claude Code plugin security or implementing secure practices. Security guidelines covering credential handling, hook safety, and MCP security for November 2025 specifications.
semantic-code-hunter
Use when you need to find code by concept (not just text). Uses Serena MCP for semantic code search across the codebase with minimal token usage. Ideal for understanding architecture, finding authentication flows, or multi-file refactoring.
authentication-authorization-patterns
Master authentication and authorization patterns including OAuth 2.0, OpenID Connect, JWT tokens, refresh tokens, role-based access control (RBAC), claims-based authorization, and secure token storage for .NET applications with OpenIddict and ABP Framework.
emergency-release-workflow
Emergency release workflow for critical bug fixes and security patches. Use when production issues require fast-track deployment.
documentation-writer
This skill should be used when an agent is assigned to write a section of technical documentation. Provides guidance on breaking down large tasks, using doc-coauthoring workflow, and coordinating with VibeKanban task management. Use when task description mentions "write section", "document this component", or "expand documentation".
localStorage-patterns
Comprehensive guide to localStorage patterns for the Plataforma B2B de treinamento técnico corporativo educational platform. This skill covers schema design, error handling strategies, quota management, and synchronization patterns essential for building resilient web applications with client-side persistence. Learn how to handle common localStorage errors (QuotaExceededError, SecurityError, DOMException), implement graceful degradation, manage storage quotas (5-10MB browser limits, 50KB per note), and sync localStorage with React state. The skill emphasizes defensive programming, user-friendly error messages, and fallback strategies. Real-world examples are taken directly from the project codebase, including CNotesView, BashNotesView, and auto-save patterns used across 5 learning systems. Each pattern is demonstrated with production code showing how localStorage is used to persist 227 educational modules' progress and user notes. Key topics include try/catch patterns for all localStorage operations, QuotaExceededError handling (clear old data, warn user), SecurityError handling (private browsing detection), schema design for JSON storage, versioning strategies, migration patterns, and testing localStorage in different browser contexts. This skill is essential for implementing US-041 (localStorage error handling), US-042 (persist module progress), refactoring auto-save logic into custom hooks (useAutoSaveNotes), and maintaining data integrity across the educational platform. Includes troubleshooting guides for common issues encountered in production.
auth-handler
Manage authentication, authorization, and user sessions. Use when dealing with login, sign-up, API protection, middleware, or user data fetching.
dev-environment-wizard
Interactive setup wizard for development environments. ALWAYS trigger first when users want to set up, create, or initialize a new development environment. Asks discovery questions about tech stack, services, and preferences, then coordinates other skills (zero-to-running, database-seeding, git-hooks, local-ssl, env-manager) to generate a customized environment.
oidc-azure-identity-setup
Configures secure authentication with Azure using OIDC (OpenID Connect). Eliminates long-lived secrets by integrating GitHub Actions with Azure AD for secure resource access.
research
Use when you need to research, analyze, and plan technical solutions that are scalable, secure, and maintainable.
code-review
Comprehensive read-only code review analyzing code quality, security vulnerabilities, performance issues, best practices compliance, and VSCode diagnostics. Use when user asks to review code, check for errors, analyze code quality, mentions security review, or wants feedback on their code.