Security

Perform security audits detecting OWASP Top 10 vulnerabilities, insecure dependencies, and security misconfigurations. Use when auditing applications for security vulnerabilities.

Route protection and authorization patterns for Clerk middleware. Use when implementing route guards, protecting API routes, configuring middleware matchers, setting up role-based access control, creating auth boundaries, or when user mentions middleware, route protection, auth guards, protected routes, public routes, matcher patterns, or authorization middleware.

Generate optimized, production-ready Dockerfiles with multi-stage builds, security best practices, and proper layer caching for various application types. Triggers on "create Dockerfile", "generate Dockerfile for", "docker image for", "containerize my app".

Generates comprehensive role-based permission matrices in markdown or SQL format for pages, components, and data access patterns. This skill should be used when designing authorization systems, documenting permissions, creating RBAC tables, or planning access control. Use for RBAC, role permissions, access control, authorization matrix, permission mapping, or security policies.

Implement full Better Auth registration/login with JWT tokens and protect routes when authentication is mentioned

A2A agent card JSON templates with schema validation and examples for different agent types. Use when creating agent cards, implementing A2A protocol discovery, setting up agent metadata, configuring authentication schemes, defining agent capabilities, or when user mentions agent card, agent discovery, A2A metadata, service endpoint configuration, or agent authentication setup.

Download and manage images from Unsplash API. Use when needing stock photos, hero images, or any free images for projects. Handles API authentication, search, download with proper attribution, and image optimization.

Dual-AI code validation using both Claude and Google Gemini to catch 20% more issues. Validates React Native screens for security vulnerabilities, performance anti-patterns, accessibility gaps, and best practices. Use when user says "validate with Gemini", "cross-validate", "AI review", or before deploying code to production.

Analyze git diff to identify code changes requiring documentation updates. Categorizes changes (database/schema, API endpoints, components, configuration, authentication) and suggests relevant documentation files to review. Use when: (1) After making code changes, (2) Before committing significant changes, (3) When adding new features or modifying APIs, (4) During PR preparation, (5) When working with database schemas, API routes, components, or configuration files, (6) To ensure documentation stays synchronized with code changes, (7) For documentation sync and maintenance, or (8) For pre-commit documentation checks. Triggers: check docs, docs check, documentation check, update docs, sync documentation, what docs need updating, check if docs are up to date, after code changes, before committing.

セキュリティ監査と脆弱性対策を支援します。OWASP Top 10に基づく包括的な脆弱性チェック、コード分析、リスク評価を提供します。セキュリティ脆弱性の特定、コンプライアンス確認、セキュアコーディング実装が必要な場合に使用してください。

Write meaningful code comments that explain WHY rather than WHAT, focusing on business logic, non-obvious solutions, workarounds, and complex algorithms while keeping code self-documenting. Use this skill when adding comments to explain rationale, documenting complex business logic, explaining workarounds or temporary solutions, describing performance optimizations, writing function documentation (JSDoc, docstrings, XML docs), or reviewing code for appropriate commenting. Apply when working on any code file that contains logic requiring explanation, public API functions, complex algorithms, security-critical code, or architectural decisions. This skill ensures comments explain rationale not implementation (WHY not WHAT), self-documenting code through clear naming (refactor unclear code instead of commenting), concise and evergreen comments (no who/when dated comments - Git tracks this), links to external resources for context, proper function documentation format (JSDoc for TS/JS, docstrings for Python, XML d

Master MongoDB authentication methods including SCRAM, X.509 certificates, LDAP, and Kerberos. Learn user creation, role assignment, and securing MongoDB deployments.

Dependency security scanning. Use when auditing npm packages for vulnerabilities.

Kubernetes deployment best practices including resource management, security, and observability.

This skill should be used when the user asks about "festival operations", "event management", "vendor management", "lost and found procedures", "security protocols", "customer service at events", "handling difficult customers", "festival emergencies", "marketing communications", or discusses managing festivals, winter events, or public gatherings.

OWASP Top 10, SAST/DAST, dependency security, and secrets management.

Security scanning tools (gosec, govulncheck). Use when running security analysis.

Create and harden systemd service unit files following modern best practices. Use when writing new systemd units for web applications, background workers, or daemons, or when hardening existing services with security sandboxing and isolation features. Covers service types, dependencies, restart policies, security options, and filesystem restrictions.

Reviews code for quality, security, and best practices

Activate when users need help setting up cloud security monitoring for AWS, Azure, or GCP, including adapter configuration, detection rules, and threat response.