Security
2492 skills in Testing & Security > Security
oracle
Ask the oracle (GPT-5.2 with deep reasoning) strategic technical questions. Use for architecture decisions, complex debugging, security analysis, or when you need a second expert opinion. Supports background execution for long-running queries.
django-framework
Django ORM, admin panel, authentication, and building production Django applications.
supabase-backend-platform
Supabase open-source Firebase alternative with Postgres, authentication, storage, and realtime subscriptions. Use when building full-stack applications requiring integrated backend services with Next.js, React, or Vue.
securing-server-actions
Teach server action authentication and security patterns in Next.js 16. Use when implementing server actions, form handlers, or mutations that need authentication.
docstring-format
Automatically applies when writing function docstrings. Uses Google-style format with Args, Returns, Raises, Examples, and Security Note sections for proper documentation.
workflow-development
Create, debug, and optimize GitHub Actions workflows with security best practices. USE THIS SKILL when user says "create workflow", "fix workflow", "workflow fails", "add CI", "reusable workflow", or needs help with GitHub Actions.
security
Apply security practices for the .NET 8 WPF widget host app: authN/authZ, secrets, encryption at rest, and secure local storage. Use when handling credentials, tokens, user data, or integrating identity providers.
backend-core
Language-agnostic backend patterns: API design, authentication, security, databases. Use when: designing APIs, implementing auth, securing endpoints, modeling data. Triggers: "api design", "rest api", "graphql", "authentication", "jwt", "oauth", "security", "owasp", "database schema", "migrations", "sql".
gcp-project-auditor
Expert in auditing GCP projects for security, compliance, and best practices. **Use this skill when the user asks to audit a GCP project, review GCP project security, scan GCP resources, or check GCP project compliance.** Scans resources, IAM policies, service accounts, and detects excessive permissions in production environments.
xc-console
Automate F5 Distributed Cloud web console operations through browser automation using mcp__claude-in-chrome MCP tools. Handles multi-provider authentication (Azure SSO, Google, Okta, SAML, native username/password), detecting session expiry and navigating login flows. Warns when VPN is required. Use when creating HTTP/TCP load balancers, origin pools, WAF policies, deploying cloud sites (AWS/Azure/GCP), managing DNS zones, configuring service policies, or executing any F5 XC GUI-based tasks. Triggers on: F5 XC console, GUI automation, browser automation, login, SSO, authenticate, tenant management, visual configuration, Web App and API Protection, WAAP.
secure-coding
Security best practices for Go applications. Use when writing security-sensitive code.
red-team-reporting
Professional security report generation, executive summaries, finding documentation, and remediation tracking
security-scanning-workflows
Comprehensive security scanning examples with SAST (CodeQL), dependency scanning, container vulnerability detection (Trivy), and SARIF upload to GitHub Security tab.
mongodb
Guide for implementing MongoDB - a document database platform with CRUD operations, aggregation pipelines, indexing, replication, sharding, search capabilities, and comprehensive security. Use when working with MongoDB databases, designing schemas, writing queries, optimizing performance, configuring deployments (Atlas/self-managed/Kubernetes), implementing security, or integrating with applications through 15+ official drivers. (project)
analyzing-session-management
Detects session management vulnerabilities including session fixation, session hijacking, and insecure cookie handling. Use when analyzing authentication sessions, cookie security, or investigating session-related vulnerabilities.
nextjs-supabase-auth
Production-ready authentication system for Next.js 15 + Supabase. Use when setting up auth, login, signup, OAuth, Google login, password reset, or user authentication.
add-service
Add a new Docker Compose service with automatic DNS configuration (OVH) and SSL certificates. Use when adding new web services to the homelab infrastructure.
security-validation
Runtime security validation including secret scanning, PII detection, prompt injection defense, audit logging, and output validation for AI agents. Use when validating user input, scanning for secrets, detecting PII, preventing data exfiltration, or implementing security guardrails.
code-review
Reviews code for quality issues, potential bugs, security vulnerabilities, and adherence to best practices. Provides actionable feedback with specific line references.
limacharlie-expert
Use this skill when the user mentions LimaCharlie or wants to work with endpoint detection, cloud security monitoring, detection rules, or security automation. This provides an overview of LimaCharlie components and their interconnections.