Testing & Security

Uses the Vibesafe MCP server to scan, compile, test, save, diff, and report status for Vibesafe units. Activate when the user asks to run vibesafe CLI commands (scan/compile/test/save/diff/status), regenerate code from specs, or inspect drift/checkpoints.

Use this skill whenever the user wants to harden security for Cloudflare Workers/Pages APIs (e.g. Hono + TypeScript), including WAF-style protections, rate limiting, IP restrictions, secrets handling, and secure headers.

Automatically builds and tests code changes. Use whenever code is modified, tests fail, before creating pull requests, or when verifying code quality.

Build production-ready Next.js 16 + Supabase authentication and role-based access control systems with 4-tier user roles (admin, main_user, vip_user, user). Use this skill when implementing authentication, user management, role-based permissions, or RLS policies in Next.js projects.

Background job manager for long-running commands. Triggers on: "run in background", "takes a while", "long running", builds >30s, test suites, deployments, dev servers, anything that should survive session disconnect.

This skill should be used when the user asks to "create a Next.js app", "build a page", "add routing", "implement server components", "add caching", "create API routes", "use server actions", "add metadata", "set up layouts", or discusses Next.js architecture, App Router, data fetching, or rendering strategies. Always use the latest Next.js version and modern patterns.

Sets up comprehensive GitHub Actions CI/CD workflows for modern web applications. This skill should be used when configuring automated lint, test, build, and deploy pipelines, adding preview URL comments on pull requests, or optimizing workflow caching. Use when setting up continuous integration, deployment automation, GitHub Actions, CI/CD pipeline, preview deployments, or workflow optimization.

Technical workflow for implementing accessible React user interfaces with shadcn/ui, Tailwind CSS, and TanStack Query. Includes 6-phase process with mandatory Style Guide compliance, Context7 best practices consultation, Chrome DevTools validation, and WCAG 2.1 AA accessibility standards. Use after Test Agent, Implementer, and Supabase agents complete their work.

Infrastructure operations - 1Password secrets, Coolify deployments, Postman tests, Hetzner/Hostinger servers

安全审计助手，提供完整的安全审计流程，涵盖代码安全审查、漏洞扫描、安全配置检查、合规性评估与修复建议。

Méta-skill orchestrateur pour agence Web - Compose et orchestre les skills métiers (project-management, direction-technique, lead-dev, web-dev-process, testing-process, frontend-developer, backend-developer, devops, etc.)

Comprehensive GitHub Pull Request code review skill. This skill should be used when users provide a GitHub PR URL and request a code review. Automatically fetches PR metadata, diff, comments, commits, and related issues using gh CLI. Creates organized review workspace, analyzes code against industry-standard criteria (functionality, security, testing, maintainability), and optionally adds inline comments to the PR. Trigger phrases include review this PR, code review, review pull request, check this PR, or when a GitHub PR URL is provided.

Comprehensive multi-AI code review system for Python, JavaScript, and TypeScript. Use when reviewing code for quality, security, performance, or best practices. Includes automated analysis scripts, language-specific patterns, and AI collaboration workflows for complex decisions.

Self-improving AI system for distressed property lead generation. Monitors performance, spawns specialized skills to fix bottlenecks, runs A/B tests, and continuously optimizes lead conversion. Use when building or optimizing lead generation workflows, analyzing pipeline metrics, or creating automated lead intelligence systems.

RLS policy testing patterns for Supabase - automated test cases for Row Level Security enforcement, user isolation verification, multi-tenant security, and comprehensive security audit scripts. Use when testing RLS policies, validating user isolation, auditing Supabase security, verifying tenant isolation, testing row level security, running security tests, or when user mentions RLS testing, security validation, policy testing, or data leak prevention.

Collaborate on documents with tracked changes, suggestions, and iterative refinement. Use for reviewing drafts, providing editorial feedback, and collaborative document development.

Vitest unit testing patterns for TypeScript. Covers test structure, mocking, assertions, and coverage. Triggers on vitest, describe, it, expect, mock.

Detects suspicious use of assertions for security checks that can be disabled in production builds. Use when analyzing assertion usage, security checks, or investigating assert-related vulnerabilities.

Implement authentication and authorization using @delon/auth. Use this skill when adding login/logout flows, JWT token management, role-based access control (RBAC), route guards, HTTP interceptors, and session management. Integrates with Firebase Auth and custom permission systems. Ensures secure token storage, automatic token refresh, and consistent authorization checks across components and services.

Validate Agent Skills against best practices and specification requirements. Use when reviewing skills, before publishing, or to audit existing skills.