Security

Network security, cryptography, vulnerability assessment, and ethical hacking.

Эксперт по container registry. Используй для настройки ECR, Harbor, Docker Hub, image security и CI/CD интеграции.

Master ABP Framework patterns including repository pattern, unit of work, domain services, application services, authorization, multi-tenancy, background jobs, and distributed events. Use when: (1) building ABP-based applications with DDD architecture, (2) creating CRUD services with Entity, AppService, DTOs, validators, (3) handling authorization/permissions, (4) generating ABP module code.

Review code for best practices, bugs, and security risks; use for PR reviews, code quality audits, or whenever the user wants feedback.

Comprehensive code review checklist covering correctness, performance, security, and maintainability. Use when performing code reviews or preparing code for review.

Use when implementing authentication, user management, organization/tenant management, team invitations, role-based access control (RBAC), or multi-tenant architecture in a Supabase project. Provides complete schema, API templates, and frontend components for AuthHub-style authentication.

Production-ready Supabase database schemas for customers, subscriptions, payments, invoices, and webhook events with comprehensive Row Level Security policies. Use when setting up payment infrastructure, creating subscription tables, implementing secure payment data storage, or configuring RLS policies for multi-tenant payment systems.

Tag Zotero items with timestamp tags after generating bibliographies. Uses secure macOS Keychain storage for credentials. Claude Code only.

Comprehensive guide for configuring, troubleshooting, and implementing External-DNS across Azure DNS, AWS Route53, Cloudflare, and Google Cloud DNS. Use when implementing automatic DNS management in Kubernetes, configuring provider-specific authentication (managed identities, IRSA, API tokens), troubleshooting DNS synchronization issues, setting up secure production-grade external-dns deployments, optimizing performance, avoiding rate limits, or implementing GitOps patterns with ArgoCD.

Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.

Comprehensive code analysis for architecture, performance, security, and quality using PAL MCP. Use when reviewing codebases, assessing technical decisions, or planning improvements. Triggers on analysis requests, architecture reviews, or code quality assessments.

BigCommerce OAuth, embedded app JWT validation, and pre-registration patterns for VioletConnect

Manage security policies, firewall zones, access control rules (ACLs), and guest network access. Perform comprehensive security audits and compliance reviews.

Automated tooling and detection patterns for JavaScript/TypeScript security vulnerabilities. Provides scan commands, vulnerability patterns, and severity mapping—not output formatting or workflow.

GraphQL resolver patterns including dataloader for N+1 prevention, context propagation, authorization, error handling, and validation. Use when implementing GraphQL resolvers.

Deploy Docker applications using Kamal 2 with zero-downtime and automatic SSL. Use this skill when (1) setting up new Kamal deployments, (2) generating deploy.yml configuration, (3) deploying apps that lack health endpoints (using Caddy workaround).

Proactive security engineering for PAI projects. USE WHEN user needs threat modeling, CMMC compliance baseline, security requirements, vulnerability analysis, or security-first design. Prevents security issues during design, not after deployment.

Apply when implementing multi-tenant data isolation, user-specific data access, or any scenario requiring row-level authorization in Supabase.

Expert security architecture including threat modeling, authentication, encryption, and compliance

Identify potential quality, security, and delivery risks early in discovery to inform mitigation planning.