Security

Use when implementing SIP authentication, security mechanisms, and encryption. Use when securing SIP servers, clients, or proxies.

Use when deploying Docker Compose applications to production including security hardening, resource management, health checks, logging, monitoring, and high-availability patterns.

Use when Django REST Framework for building APIs with serializers, viewsets, and authentication. Use when creating RESTful APIs.

Performs technical SEO audits covering site speed, crawlability, indexability, mobile-friendliness, security, and structured data. Identifies technical issues preventing optimal search performance.

Security scanning with UBS (Ultimate Bug Scanner). Use before commits, when scanning for bugs, when the user mentions "ubs", "bugs", "scan", "verify", or "security".

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.

Expert knowledge of Electron Inter-Process Communication patterns for SEPilot Desktop. Use this when adding IPC handlers, creating frontend-backend communication, implementing streaming responses, or debugging IPC issues. Ensures secure and efficient communication between renderer and main processes.

This skill provides AWS cost optimization, monitoring, and operational best practices with integrated MCP servers for billing analysis, cost estimation, observability, and security assessment.

JWT authentication and authorization patterns for Spring Boot 3.5.x covering token generation with JJWT, Bearer/cookie authentication, database/OAuth2 integration, and RBAC/permission-based access control using Spring Security 6.x.

AWS Key Management Service (KMS) patterns using AWS SDK for Java 2.x. Use when creating/managing encryption keys, encrypting/decrypting data, generating data keys, digital signing, key rotation, or integrating encryption into Spring Boot applications.

Core patterns and best practices for AWS SDK for Java 2.x. Use when configuring AWS service clients, setting up authentication, managing credentials, configuring timeouts, HTTP clients, or following AWS SDK best practices.

Generate comprehensive REST API documentation using SpringDoc OpenAPI 3.0 and Swagger UI in Spring Boot 3.x applications. Use when setting up API documentation, configuring Swagger UI, adding OpenAPI annotations, implementing security documentation, or enhancing REST endpoints with examples and schemas.

Implement REST API design standards and best practices for Spring Boot projects. Use when creating or reviewing REST endpoints, DTOs, error handling, pagination, security headers, HATEOAS and architecture patterns.

Configure Spring Boot Actuator for production-grade monitoring, health probes, secured management endpoints, and Micrometer metrics across JVM services.

Unit tests for Spring Security with @PreAuthorize, @Secured, @RolesAllowed. Test role-based access control and authorization policies. Use when validating security configurations and access control logic.

CROSS-CUTTING: Security patterns and best practices for ALL PACT phases.Provides OWASP Top 10 guidance, authentication/authorization patterns, input validation,secure coding practices, secrets management, and security testing checklists.Use when: implementing authentication, handling user input, storing secrets,designing authorization, reviewing code for vulnerabilities, planning security tests.

CODE PHASE (Backend): Server-side implementation patterns and best practices.Provides service layer patterns, API implementation guidance, error handling strategies,data validation approaches, middleware patterns, and backend security practices.Use when: implementing APIs, creating services, handling errors, validating data,building middleware, implementing authentication/authorization.

CODE PHASE (Database): Data layer implementation patterns and best practices.Provides schema design patterns, query optimization strategies, indexing guidelines,data integrity constraints, migration patterns, and database security practices.Use when: designing schemas, writing queries, optimizing performance, planningmigrations, implementing data validation, ensuring data integrity.

Automatically discover cryptography skills when working with encryption, TLS, certificates, PKI, and security

Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.