Security

Designs, implements, and deploys Microsoft 365 Copilot agents using TypeSpec and ATK CLI. Provides architectural guidance, capability configuration, security patterns, and lifecycle management. Use when developing M365 Copilot agents, working with TypeSpec, or managing agent deployments. For creating new projects, use the m365-agent-scaffolder skill.

Manage environment variables securely. Handles distinction between .env (template) and .env.local (secrets).

Pattern for client components calling server actions to set cookies in Next.js. Covers the two-file pattern of a client component with user interaction (onClick, form submission) that calls a server action to modify cookies. Use when building features like authentication, preferences, or session management where client-side triggers need to set/modify server-side cookies.

Perform security-focused code review using OWASP guidelines and AI-specific security best practices.

This skill provides comprehensive knowledge for working with the Anthropic Claude Agent SDK. It should be used when building autonomous AI agents, creating multi-step reasoning workflows, orchestrating specialized subagents, integrating custom tools and MCP servers, or implementing production-ready agentic systems with Claude Code's capabilities.Use when building coding agents, SRE systems, security auditors, incident responders, code review bots, or any autonomous system that requires programmatic interaction with Claude Code CLI, persistent sessions, tool orchestration, and fine-grained permission control.Keywords: claude agent sdk, @anthropic-ai/claude-agent-sdk, query(), createSdkMcpServer, AgentDefinition, tool(), claude subagents, mcp servers, autonomous agents, agentic loops, session management, permissionMode, canUseTool, multi-agent orchestration, settingSources, CLI not found, context length exceeded

Authenticate to AWS using Single Sign-On (SSO). Use when AWS CLI operations require SSO authentication or when SSO session has expired.

Comprehensive JWT authentication expert for senior developers (10+ years experience). Intelligently detects project language/framework and implements production-ready JWT auth systems with refresh tokens, secure HTTP-only cookies, token rotation, blacklisting, RBAC, MFA, and complete security. Covers Express, FastAPI, Next.js, React, Django, Flask, NestJS, and more. Automatically audits JWT implementations, generates complete auth systems (registration, login, logout, refresh, password reset), implements middleware, prevents XSS/CSRF attacks, uses bcrypt/argon2 hashing, and follows OWASP best practices. Use for implementing JWT authentication, token refresh flows, secure cookie storage, protected routes, role-based access control, security audits, and complete auth system generation.

Analyze and update Python dependencies in pyproject.toml, checking for compatibility and security vulnerabilities. Use when: updating dependencies, checking security issues, dependency analysis, version pinning, pip-audit, outdated packages.

Expert in managing GCP Groups (Google Cloud Identity and Azure AD) via the Groups API. **Use this skill whenever the user mentions 'groups', 'group members', 'add to group', or 'remove from group'.** Handles listing members (with file-based approach for large groups), adding/removing members, and checking membership. Uses ADM token authentication. **DO NOT use for ServiceNow groups.**

WHEN: FastAPI project review, Pydantic models, async endpoints, dependency injectionWHAT: Pydantic validation + Dependency injection + Async patterns + OpenAPI docs + SecurityWHEN NOT: Django → django-reviewer, Flask → flask-reviewer, General Python → python-reviewer

Guide for integrating Gemini AI models with Firebase using Firebase AI Logic SDK. This skill should be used when implementing Gemini features (chat, content generation, structured JSON output), configuring security (App Check), or troubleshooting issues (rate limits, schema errors).

Look up HVAC equipment specifications (capacity, efficiency, dimensions, electrical requirements) by brand and model number. Use when the user mentions equipment specs, model numbers, AHU, VAV, chiller, boiler, pump, fan specifications, or needs to find manufacturer data sheets. Searches manufacturer websites and processes PDF spec sheets with security safeguards.

Complete knowledge domain for Cloudflare Hyperdrive - connecting Cloudflare Workers to existing PostgreSQL and MySQL databases with global connection pooling, query caching, and reduced latency.Use when: connecting Workers to existing databases, migrating PostgreSQL/MySQL to Cloudflare, setting up connection pooling, configuring Hyperdrive bindings, using node-postgres/postgres.js/mysql2 drivers, integrating Drizzle ORM or Prisma ORM, or encountering "Failed to acquire a connection from the pool", "TLS not supported by the database", "connection refused", "nodejs_compat missing", "Code generation from strings disallowed", or Hyperdrive configuration errors.Keywords: hyperdrive, cloudflare hyperdrive, workers hyperdrive, postgres workers, mysql workers, connection pooling, query caching, node-postgres, pg, postgres.js, mysql2, drizzle hyperdrive, prisma hyperdrive, workers rds, workers aurora, workers neon, workers supabase, database acceleration, hybrid architecture, cloudflare tunnel database, wrangler h

Builds APIs with Express including routing, middleware, error handling, and security. Use when creating Node.js APIs, building REST services, or adding middleware-based server functionality.

This skill should be used when the user asks to "create terraform configuration", "deploy static site", "set up cloudfront", "configure route53", "create lambda function", "ssl certificate", or mentions S3 website hosting, CDN, serverless, JAMstack, or static site infrastructure.

macOSアプリのセキュリティレビュー。Notarization、Hardened Runtime、Sandbox、コード署名をチェック。Use when: macOS、公証、Notarization、Sandbox、署名 を依頼された時。

RBAC/監査ログ/秘密情報/マルチテナント越境/LLMプロンプト注入の観点でレビューする。

Performs structured code reviews focusing on bugs, security, performance, and best practices. Use when reviewing code, pull requests, diffs, or when the user asks for feedback on implementations.

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.

Security management for Hostinger VPS srv759970 - Fail2ban, WordPress security audits (25+ checks, 0-100% scoring), infrastructure audit. Use for security hardening, IP bans, or security assessments.