Security
2492 skills in Testing & Security > Security
ci-cd-reviewer
WHEN: CI/CD pipeline review, GitHub Actions, GitLab CI, Jenkins, build optimization. WHAT: Pipeline structure + Job optimization + Security scanning + Caching strategy + Deployment patterns. WHEN NOT: Kubernetes → k8s-reviewer, Terraform → terraform-reviewer
mobile-security
Reverses and exploits mobile applications. Use when working with Android APK files, iOS IPA files, mobile app reversing, Frida hooking, or app security analysis challenges.
blazor-expert
Comprehensive Blazor development expertise covering Blazor Server, WebAssembly, and Hybrid apps. Use when building Blazor components, implementing state management, handling routing, JavaScript interop, forms and validation, authentication, or optimizing Blazor applications. Includes best practices, architecture patterns, and troubleshooting guidance.
review-code-quality
Use when reviewing code for quality, security vulnerabilities, and best practices
security-first
Universal security checklist and fixes for ANY project type or language
better-auth-ts
Better Auth TypeScript/JavaScript authentication library. Use when implementing auth in Next.js, React, Express, or any TypeScript project. Covers email/password, OAuth, JWT, sessions, 2FA, magic links, social login with Next.js 16 proxy.ts patterns.
shopify
Build Shopify applications, extensions, and themes using GraphQL/REST APIs, Shopify CLI, Polaris UI components, and Liquid templating. Capabilities include app development with OAuth authentication, checkout UI extensions for customizing checkout flow, admin UI extensions for dashboard integration, POS extensions for retail, theme development with Liquid, webhook management, billing API integration, product/order/customer management. Use when building Shopify apps, implementing checkout customizations, creating admin interfaces, developing themes, integrating payment processing, managing store data via APIs, or extending Shopify functionality.
workspace-setup
B1_02 phase workspace setup protocol including npm outdated, npm audit, TypeScript version validation, quality gates enforcement. Ensures dependencies current, security patches applied, and workspace ready for implementation.
gcloud-expert
Expert-level Google Cloud CLI (gcloud) skill for managing GCP resources. This skill should be used when working with gcloud commands, gcp, google cloud, cloud run, cloud scheduler, alloydb, cloud storage, gcs buckets, firebase deploy, gcloud auth, gcloud config, service accounts, workload identity federation, iam permissions, or artifact registry. Use this to install gcloud on macOS, Windows, or Linux. Use this to manage multi-account configuration of GCP with gcloud. Use this to configure authentication on GCP with gcloud for OAuth, service accounts, and Workload Identity Federation (WIF). Use this to set up IAM roles, permissions, and governance. Use this to deploy applications to Cloud Run or Firebase. Use this to manage database instances including AlloyDB and Cloud SQL. Use this to configure GitHub Actions or Cloud Build CI/CD pipelines. Use this to set up Docker container deployments. Use this to write bash scripts for GCP automation. Use this to manage git-triggered deployments or configure API authent
env-file-generator
Generate properly structured .env environment files with common variables, documentation comments, and secure placeholder patterns. Triggers on "create .env file", "generate environment variables", "env file for", "dotenv template".
pr-review-standards
Use when creating PRs to enforce code quality standards. Automated detection of anti-patterns, security issues, and code smells. Python 3.8+
enterprise-web-code
Enterprise-ready web development for Next.js 16, React, and TypeScript incorporating Kaizen (continuous improvement) and Monozukuri (meticulous craftsmanship) principles. Use this skill when building web applications, APIs, React components, Next.js projects, or when the user requests clean, efficient, fast, simple, elegant, enterprise-grade, bulletproof, or production-ready web code. This skill enforces modern web best practices, TypeScript patterns, React optimization, security, and performance.
dependency-evaluator
Evaluates whether a programming language dependency should be used by analyzing maintenance activity, security posture, community health, documentation quality, dependency footprint, production adoption, license compatibility, API stability, and funding sustainability. Use when users ask "should I use X or Y?", "are there better options for [feature]?", "what's a good library for [task]?", "how do we feel about [dependency]?", or when considering adding a new dependency, evaluating an existing dependency, or comparing/evaluating package alternatives.
opa-image-security-templates
OPA image security policies for container registry allowlisting, digest enforcement, and signature verification in Kubernetes.
nodejs
Node.js server development patterns including async patterns, error handling, and security best practices.
python-cleanup
Perform comprehensive dead code and clean-up analysis in Python projects using static analysis, coverage, dependency checks, and security scanning. Use when asked to clean up code, find unused code, analyze dependencies, or improve code quality.
csrf-auth-debugger
Debug CSRF token issues and authentication problems including 403 Forbidden errors, cookie issues, JWT tokens, OAuth flows, and session management. Use when troubleshooting CSRF verification failed, 403 errors on POST requests, login not working, or token refresh issues.
moai-platform-clerk
Clerk modern authentication specialist covering WebAuthn, passkeys, passwordless, and beautiful UI components. Use when implementing modern auth with great UX.
better-auth-v2
Production-ready authentication system using Better Auth v2 with latest features. Includes OAuth providers, advanced RBAC, multi-tenant support, and security best practices.
k8s-security-policies
Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.