Security
2492 skills in Testing & Security > Security
security-fundamentals
Auto-invoke when reviewing authentication, authorization, input handling, data exposure, or any user-facing code. Enforces OWASP top 10 awareness and security-first thinking.
sso-guide
SSO integration guidance for fort-nix services. Use when adding authentication to a service, choosing an SSO mode, configuring oauth2-proxy, or troubleshooting auth issues.
security-code-scanning-and-secrets-detection
This skill activates when checking for hardcoded credentials, API keys, database passwords, and other secrets in source code. Provides patterns to detect leaks, scanning strategies, and best practices for secret management across all languages.
upgrade-dependencies
Periodically upgrade npm dependencies and GitHub Actions to keep the project current and secure.
security-basics
Apply project-specific security and privacy guardrails (auth, headers, rate limiting, logging). Use when touching authentication, request handling, metrics exposure, or anything that could leak sensitive data.
security
Skill for analyzing, auditing, and improving the security of applications.
atlas-agent-security
Security audits, vulnerability analysis, and security best practices enforcement
form-security-analyzer
Static security analysis of HTML forms without sending any requests. Checks for CSRF tokens, insecure actions, missing validation, hidden field issues, and common security misconfigurations. Safe to run - no payloads sent. Use when user asks to "analyze form security", "check form for vulnerabilities", "static security check".
next-js-developer
Expert Next.js development assistant with 10+ years experience. Automatically audits, generates, and fixes Next.js applications using latest versions (Next.js 14+, React 19+, Tailwind CSS 3+). Use when working with Next.js projects for code generation, security audits, performance optimization, component creation, authentication implementation, or comprehensive project analysis. Handles Server/Client components, API routes, middleware, and ensures production-ready, secure code.
nextauth
Implements authentication with Auth.js/NextAuth.js v5 including OAuth providers, credentials, sessions, and route protection. Use when adding authentication to Next.js, configuring OAuth providers, or protecting routes.
secret-management-overview
Understanding GitHub Actions secret types, storage hierarchy, and threat model. Secure patterns for managing credentials, tokens, and sensitive configuration.
detecting-signed-unsigned-conversion
Detects unsafe signed/unsigned integer conversions that can lead to integer overflow and security check bypasses. Use when analyzing integer operations, comparisons, or investigating conversion-related vulnerabilities.
cloudflare
Manage Cloudflare infrastructure including DNS records, zones, SSL/TLS, caching, firewall rules, Workers, Pages, and analytics. Use when working with Cloudflare APIs, creating or modifying DNS records, managing domain security, purging cache, deploying Workers/Pages, or analyzing traffic. Created by After Dark Systems, LLC.
neon-vercel-postgres
This skill provides comprehensive knowledge for integrating Neon serverless Postgres and Vercel Postgres (which is built on Neon infrastructure) into web applications. It should be used when setting up serverless Postgres databases, configuring connection pooling for edge and serverless environments, implementing database branching workflows, or troubleshooting Postgres connection issues in Cloudflare Workers, Vercel Edge Functions, or Node.js serverless functions. Use this skill when: - Setting up Neon Postgres for Cloudflare Workers, Vercel Edge, or serverless environments - Configuring Vercel Postgres for Next.js applications - Implementing database branching workflows (git-like database branches) - Integrating Drizzle ORM or Prisma with Neon/Vercel Postgres - Debugging connection pool errors, transaction timeouts, or SSL configuration issues - Migrating from D1/SQLite to Postgres or from traditional Postgres to serverless Postgres - Setting up point-in-time restore (PITR) or database backups - Encounteri
backend-api
Design and implement RESTful APIs, GraphQL endpoints, and backend API architecture following modern standards. Use this skill when creating or modifying API endpoints, route handlers, controllers, API middleware, authentication/authorization logic, or any files that define HTTP endpoints such as routes.py, api.js, controllers/, endpoints/, or API specification files (OpenAPI/Swagger). Apply this skill when implementing API versioning, rate limiting, request/response handling, API documentation, or when working with API gateway configurations. This skill is essential for building scalable, secure, and well-documented APIs that follow RESTful principles, handle errors gracefully, and provide consistent developer experiences across microservices and serverless architectures.
azure-blob-storage
Connect to and interact with Azure Blob Storage (ADLS Gen2). Use when working with Azure blob storage, listing containers, reading files, uploading data, or when user mentions Azure storage, blob containers, or ADLS. Handles authentication, container operations, and blob management.
abp-infrastructure-patterns
ABP Framework cross-cutting patterns including authorization, background jobs, distributed events, multi-tenancy, and module configuration. Use when: (1) defining permissions, (2) creating background jobs, (3) publishing/handling distributed events, (4) configuring modules.
api-authentication
Backend API authentication patterns with Clerk JWT middleware and route protection. Use when building REST APIs, GraphQL APIs, protecting backend routes, implementing JWT validation, setting up Express middleware, or when user mentions API authentication, backend security, JWT tokens, or protected endpoints.
better-auth
Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.
delta-sharing
Delta Sharing configuration, monitoring, and recipient management for secure cross-organization data sharing.