Security

레포지토리 보안 감사 스킬. 현재 코드와 commit history를 분석하여 민감 정보 유출을 점검합니다. '보안 점검', '보안 감사', 'security audit', '민감 정보 검사' 요청 시 활성화됩니다.

CRA評価パイプラインのオーケストレーター。対象（Android端末FW、Androidアプリ、PCアプリ、Webアプリ）に応じた適切なスキルを連携させてCRAフル評価を自動実行。Triggers on: CRA full assessment, CRA pipeline, security assessment pipeline, automated CRA evaluation, skill orchestration, full security review, Android device, Android app, PC app, web app, CRAフル評価, CRA分析, セキュリティ評価.

OAuth 2.1 Token Endpoint implementation guide. Use when implementing token endpoint requirements beyond OpenID Connect, including grant types, token response format, Cache-Control headers, CORS support, and error handling. Covers OAuth 2.1 Section 3.2 and Section 4 requirements.

Secure GitHub Actions trigger patterns for pull requests, forks, and reusable workflows. Preventing privilege escalation and code injection through trigger misconfiguration.

Implements standard Supabase authentication flows including signup, login, password reset, OAuth providers, email verification, and session management with complete security best practices

Ultimate 25+ years expert-level backend skill covering FastAPI, Express, Node.js, Next.js with TypeScript. Includes ALL databases (PostgreSQL, MongoDB, Redis, Elasticsearch), ALL features (REST, GraphQL, WebSockets, gRPC, Message Queues), comprehensive security hardening (XSS, CSRF, SQL injection, authentication, authorization, rate limiting), complete performance optimization (caching, database tuning, load balancing), ALL deployment strategies (Docker, Kubernetes, CI/CD), advanced patterns (microservices, event-driven, saga, CQRS), ALL use cases (e-commerce, SaaS, real-time, high-traffic), complete testing (unit, integration, E2E, load, security). Route protection, middleware, authentication implementation in PERFECTION. Use for ANY backend system requiring enterprise-grade security, performance, scalability, and architectural excellence.

Review code for WordPress security vulnerabilities.

Comprehensive backend development skill for building scalable backend systems using NodeJS, Express, Go, Python, Postgres, GraphQL, REST APIs. Includes API scaffolding, database optimization, security implementation, and performance tuning. Use when designing APIs, optimizing database queries, implementing business logic, handling authentication/authorization, or reviewing backend code.

Generate and optimize PRDs, Implementation Plans, and Progress Tracking documents optimized as AI artifacts for development agents. Use when creating new feature plans, breaking down long planning docs (>800 lines), or setting up progress tracking. Supports: 1) Create PRD from feature request, 2) Create Implementation Plan from PRD with phase breakdown and subagent assignments, 3) Optimize existing plans by breaking into phase-specific files, 4) Create progress tracking with task assignments. Example: "Create a PRD for user authentication feature" or "Break down the sidebar-polish implementation plan into phase files" or "Create progress tracking for data-layer-fixes PRD".

Weaves custom Skills for Claude following official best practices including proper structure, metadata, progressive disclosure, and security guidelines. Use when creating new skills, building custom workflows, or when user mentions skill creation, skill development, custom skill authoring, weaving skills, or crafting skills.

Master MongoDB security, authentication, authorization, encryption, and backup. Learn role-based access control, TLS/SSL, encryption, and disaster recovery. Use when securing deployments, managing users, or implementing compliance.

Perform comprehensive code reviews with focus on correctness, performance, security, and maintainability. Use when reviewing pull requests, merge requests, or code changes.

Invoke IMMEDIATELY via python script when user requests codebase analysis, architecture review, security assessment, or quality evaluation. Do NOT explore first - the script orchestrates exploration.

Security patterns for Astro lead generation websites on Cloudflare. Forms, headers, bot protection, GDPR. Use for any production lead gen site.

Validate backend development environment and authentication status. Use when (1) new backend developer onboarding, (2) checking required tools (gh CLI, Git, Node, pnpm, Supabase), (3) verifying GitHub auth and repo access, (4) orchestrator auto-runs at work start.

Expert system for integrating Apple Developer APIs including App Store Connect API, App Store Server API, Sign in with Apple REST API, App Store Server Notifications, Advanced Commerce API, and App Intents. Use this skill when (1) Implementing in-app purchases or subscription management, (2) Setting up App Store Server Notifications webhooks, (3) Creating JWT tokens for Apple API authentication, (4) Managing TestFlight distribution or app metadata, (5) Implementing Sign in with Apple authentication, (6) Working with App Intents or Shortcuts integration, or (7) Any Apple developer API integration.

Professional security report generation, executive summaries, finding documentation, and remediation tracking. Use for communicating security assessment results.

Rust safety patterns and secure coding. Use when writing code that handles untrusted input, uses unsafe blocks, deals with memory safety, or requires security review.

Comprehensive pre-deployment validation ensuring code is production-ready. Runs complete audit pipeline, performance benchmarks, security scan, documentation check, and generates deployment checklist.

Security validation, vulnerability scanning, and compliance checking for development environments. Auto-activates on keywords security, vulnerability, audit, OWASP, encryption, GPG, SSH, signing, secrets, scan. Routes to specialized security workflows.