安全性

Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications. | Sử dụng khi xác thực, đăng nhập, login, auth, OAuth, session, bảo mật, phiên đăng nhập.

Provides comprehensive guidance for managing MCP (Model Context Protocol) servers using the claude mcp CLI. Covers adding servers across scopes (project, local, user), transport types (stdio, sse, http), security best practices, and common patterns. Strongly recommends project scope for team consistency and version control.

List all environment variables. Requires authentication. Use for Agentuity cloud platform operations

Implement identity and access management. Use when designing authentication, authorization, or user management. Covers OAuth2, OIDC, and RBAC.

Review code for quality, security vulnerabilities, and best practices compliance

Filesystem Security security skill

Build production REST APIs with Go - handlers, middleware, security

Build production-ready web applications with Django MVC, ORM, authentication, and REST APIs

Execute SQL query on a database. Requires authentication. Use for Agentuity cloud platform operations

List all keys in a keyvalue namespace. Requires authentication. Use for Agentuity cloud platform operations

Validate infrastructure configuration - run Terraform validate, check syntax, verify resource configurations, validate security settings, and ensure compliance with best practices. Reports validation errors and warnings.

Perform comprehensive security analysis to identify vulnerabilities. Integrates with codex-review for automatic security checks. Covers OWASP Top 10, common vulnerabilities, and secure coding practices. Output: Japanese

Authentication and authorization prompt templates for RBAC implementation, permissions systems, ownership verification, and authorization testing. Use when setting up roles, implementing access control, or testing authorization logic. Triggers include "RBAC", "role-based access", "permissions", "ownership", "authorization", "access control", "user roles", "auth testing".

Validates Django REST Framework endpoints against OpenAPI specification. This skill should be used when implementing or modifying API endpoints to ensure request/response schemas, status codes, authentication, and parameters match the contract specification.

This skill should be used when scanning container images, filesystems, or repositories for vulnerabilities using Trivy. Use for CVE detection, security analysis, vulnerability comparison across image versions, understanding scan output (severity levels, status fields), and batch scanning multiple images.

Threat Modeling security skill

Understand authentication and authorization defects in AI-generated code including insecure password storage, broken session management, and access control bypasses. Use this skill when you need to learn about auth vulnerabilities in AI code, understand why AI suggests MD5/plaintext passwords, recognize broken session patterns, or identify access control gaps. Triggers include "auth vulnerabilities AI", "password storage AI", "session management", "broken access control", "authentication defects", "MD5 passwords", "session hijacking", "authorization bypass".

CI security scanning: secrets, deps, SAST, triage, expiring exceptions

Implement Cross-Site Request Forgery (CSRF) protection for API routes. Use this skill when you need to protect POST/PUT/DELETE endpoints, implement token validation, prevent cross-site attacks, or secure form submissions. Triggers include "CSRF", "cross-site request forgery", "protect form", "token validation", "withCsrf", "CSRF token", "session fixation".

Expert at integrating Model Context Protocol (MCP) servers into Claude Code plugins. Auto-invokes when the user wants to add external tool integrations, configure MCP servers, set up stdio/SSE/HTTP/WebSocket connections, or needs help with MCP authentication and security. Also auto-invokes proactively when Claude is about to write MCP configuration files (.mcp.json) or add mcpServers to plugin manifests.