Security
2492 skills in Testing & Security > Security
code-reviewer-advanced
Use when reviewing code for quality, design issues, implementation problems, security vulnerabilities, or architectural concerns. Apply when user asks to review code, check implementation, find issues, or audit code quality. Use proactively after implementation is complete. Also use to provide feedback to system-architect and principal-engineer on design and implementation decisions.
rabbitmq-master
Ultimate RabbitMQ expertise skill for production-grade message broker architecture, implementation, and operations. Top 0.01% knowledge covering: (1) Advanced messaging patterns - Dead Letter Exchanges, Delayed Messages, Priority Queues, Consistent Hash Exchange, Sharding, (2) High Availability - Clustering, Quorum Queues, Stream Queues, Federation, Shovel, (3) Performance Engineering - prefetch tuning, connection pooling, batch publishing, memory optimization, flow control, (4) Security - TLS/mTLS, OAuth2, LDAP, certificate rotation, (5) Monitoring - Prometheus metrics, custom health checks, anomaly detection, (6) Troubleshooting - memory alarms, network partitions, queue backlogs, consumer starvation, (7) Multi-tenancy - vhost design, resource limits, isolation patterns, (8) Event-driven architectures - CQRS, Event Sourcing, Saga patterns with RabbitMQ. Use when: building messaging systems, debugging RabbitMQ issues, optimizing performance, designing HA architectures, implementing advanced patterns, product
multi-source-policy-aggregation
Aggregate Kyverno policies from security, DevOps, and application teams into unified enforcement. Build multi-stage containers using OCI repo dependencies.
sandbox-awareness
Awareness of goldbox sandbox mode. Use when discussing security, running untrusted code, or when user asks about isolation.
1password
Securely retrieve secrets from 1Password using the 'op' CLI tool without displaying sensitive information. Use when working with API keys, tokens, passwords, SSH keys, database credentials, or any secrets stored in 1Password. All secret values are stored only in environment variables and NEVER displayed in output or context.
github-auth
Securely authenticate with GitHub using stored credentials for API operations and git commands
code-review-skill
Reviews code for best practices, security vulnerabilities, and adherence to the project's style guide. It provides actionable feedback and refactoring suggestions.
cloud-auth
Flow Nexus authentication and user management. Use for login, registration, session management, password reset, and user account operations.
unity-catalog-governance
Unity Catalog governance patterns, permissions models, security best practices, and policy enforcement for enterprise data governance.
handling-authentication
Handling authentication and authorization in StickerNest. Use when the user asks about login, signup, auth, session, protected routes, user context, JWT, tokens, logout, or permission checks. Covers Supabase Auth, AuthContext, protected routes, and widget auth.
mcp-go-live
Guide developers through Intility's production go-live checklist for MCP servers, ensuring security compliance with the lethal trifecta rules, Intility Software Engineering Policy, and infrastructure requirements. Use when a developer is ready to deploy an MCP server to production.
access-management
RBAC/ABAC implementation patterns, least privilege access, row-level security, column masking, and access review workflows.
github-actions-security-cheat-sheet
Quick reference for GitHub Actions security patterns. Copy-paste snippets for action pinning, token permissions, secrets, runners, and workflow hardening.
nuxt-tanstack-mastery
Panduan senior/lead developer 20 tahun pengalaman untuk Vue.js 3 + Nuxt 3 + TanStack Query development. Gunakan skill ini ketika: (1) Membuat project Nuxt 3 baru dengan arsitektur production-ready, (2) Integrasi TanStack Query untuk data fetching, (3) Debugging Vue/Nuxt yang kompleks, (4) Review code untuk clean code compliance, (5) Optimisasi performa aplikasi Vue/Nuxt, (6) Setup folder structure yang scalable, (7) Mencari library terpercaya untuk Vue ecosystem, (8) Menghindari common pitfalls dan bugs, (9) Implementasi state management patterns, (10) Security hardening aplikasi Nuxt.Trigger keywords: vue, vuejs, nuxt, nuxtjs, tanstack, vue-query, composition api, pinia, vueuse, vue router, clean code vue, debugging vue, folder structure nuxt.
testing-apis
Test REST and GraphQL APIs for authentication bypasses, authorization flaws, IDOR, mass assignment, injection attacks, and rate limiting issues. Use when pentesting APIs or testing microservices security.
threat-model-generation
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
sanitizing-public-releases
PARAMOUNT security gate that scans for sensitive data before public releases. Detects absolute paths, API keys, instance files, and private information. Use when preparing cherry-picks to public repo, releasing versions, or reviewing contributions.
developer
Senior-level development guidance for this project. Use when writing code, implementing features, refactoring, reviewing code architecture, or when best practices and security considerations are needed. (project)
gemini-image-generator
Generate images using Google Gemini NanoBanana via browser automation. Use this skill for general-purpose AI image generation from text prompts. Includes persistent authentication, automatic environment setup, and reference image support for style matching.
npmrc-config
NPM registry configuration template (.npmrc.template) and validation logic for GitHub Packages authentication with pnpm hoisting settings. Includes 4 critical standards (GitHub Package Registry config with token placeholder, pnpm hoisting for monorepo compatibility, exact version management, security documentation). Use when creating or auditing .npmrc.template files to prevent token leakage.