Security

Core development principles and guidelines covering security, QA, performance, documentation, and coding standards. Used by all agents to ensure consistent quality across the Orchestra system.

Query and interact with Supabase databases using real-time subscriptions and PostgreSQL-compatible queries. Supports SELECT operations with Row Level Security (RLS), filtering, ordering, and pagination. Activated when users mention "supabase", "realtime database", or need Supabase backend features.

Comprehensive audit of Expo/React Native app API integration layer. Use when asked to: (1) Review API interactions, auth handling, or token management, (2) Find hardcoded data or screens bypassing API, (3) Verify user interactions properly sync to backend, (4) Analyze offline behavior and caching, (5) Audit Orval/OpenAPI code generation, (6) Check for API security issues. Supports TanStack Query, Zustand, axios, Expo Router, expo-secure-store, and expo-constants patterns.

Comprehensive code review for security, performance, maintainability, and best practices with impact analysis and authoritative references

Protocol for pausing project work to enhance ~/.claude infrastructure when generalizable patterns are detected, then seamlessly resuming project context.

Implement Supabase database patterns for PhotoVault including RLS policies, TypeScript queries, and storage operations. Use when working with database schemas, Row Level Security, migrations, storage buckets, auth.uid() policies, or debugging empty query results. Includes PhotoVault table structure and client setup patterns.

Gemini CLI delegation workflow with quota tracking, authentication, and usage logging.

Configure django-allauth with headless API, MFA, social authentication, and CORS for React frontends. This skill should be used when setting up authentication for a new Django project or adding django-allauth to an existing project that needs a React frontend integration. (project)

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

Comprehensive deployment validation for Cloudflare Workers, ensuring production readiness through automated checks of code quality, configuration, security, and environment setup.

Write secure, performant database queries using parameterized queries, eager loading, proper indexing, and transactions. Use this skill when writing database query code, ORM query methods, SQL statements, or data fetching logic. Use this when preventing SQL injection with parameterized queries, optimizing queries to avoid N+1 problems with eager loading, selecting specific columns instead of SELECT *, implementing database transactions for related operations, adding query timeouts, or caching expensive queries. Use this when working on repository files, service files with database access, query builder code, or any file that retrieves or manipulates data from databases.

Implement and validate FastAPI authentication strategies including JWT tokens, OAuth2 password flows, OAuth2 scopes for permissions, and Supabase integration. Use when implementing authentication, securing endpoints, handling user login/signup, managing permissions, integrating OAuth providers, or when user mentions JWT, OAuth2, Supabase auth, protected routes, access control, role-based permissions, or authentication errors.

This skill should be used when setting up organization-level app integrations (Reddit, Notion, LinkedIn, WordPress) with OAuth flows, encrypted token storage, API client wrappers, and usage logging in a Next.js App Router application. Use this skill when implementing external provider connections for a multi-tenant app with secure credential management, token refresh, and admin-controlled integration features.

CRITICAL security skill teaching proper credential and password handling. NEVER store passwords, use bcrypt/argon2, NEVER accept third-party credentials. Use when handling authentication, passwords, API keys, or any sensitive credentials.

Runner group organization strategies for GitHub Actions. Repository access restrictions, workflow controls, and security boundaries for self-hosted runners.

Performs thorough code reviews focusing on quality, best practices, security, and maintainability. Use when user asks for code review, feedback on code quality, or wants suggestions for improvements.

Use this skill when building MCP (Model Context Protocol) servers with FastMCP in Python. FastMCP is a framework for creating servers that expose tools, resources, and prompts to LLMs like Claude. The skill covers server creation, tool/resource definitions, storage backends (memory/disk/Redis/DynamoDB), server lifespans, middleware system (8 built-in types), server composition (import/mount), OAuth Proxy, authentication patterns, icons, OpenAPI integration, client configuration, cloud deployment (FastMCP Cloud), error handling, and production patterns. It prevents 25+ common errors including storage misconfiguration, lifespan issues, middleware order errors, circular imports, module-level server issues, async/await confusion, OAuth security vulnerabilities, and cloud deployment failures. Includes templates for basic servers, storage backends, middleware, server composition, OAuth proxy, API integrations, testing, and self-contained production architectures.Keywords: FastMCP, MCP server Python, Model Context

Manage and troubleshoot Coolify deployments using the official CLI and API. Use this skill when the user needs help with Coolify server management, WordPress troubleshooting on Coolify, debugging service issues, checking SSL certificates, accessing containers, or managing applications and databases through Coolify. Particularly useful for diagnosing down services, fixing .htaccess issues, REST API problems, and performing deployment operations.

This skill should be used when setting up, optimizing, or managing Templar AI miners on Bittensor Subnet 3 (netuid 3). Use it for tasks involving miner configuration, performance optimization, troubleshooting gradient scoring issues, managing Bittensor wallets with btcli, monitoring miner metrics, renting GPUs via Basilica for mining operations, or strategizing to achieve top miner ranking in the Templar decentralized training network. Integrates seamlessly with the basilica-cli-helper skill for GPU rentals.

Guides npm package maintenance tasks. Use when user mentions outdated packages, npm audit, security vulnerabilities, dependency updates, package optimization, unused dependencies, or devDependencies categorization. Recommends the npm-package-maintainer agent via /maintain commands.