Security
2492 skills in Testing and Security > Security
security/memory-safety
Memory Safety security skill
Cosmian KMS
Expert guidance for Cosmian Key Management System including key generation, certificate management, encryption operations, access policies, and KMS CLI operations. Use this when working with Cosmian KMS, cryptographic key management, or Cosmian-specific PKI operations.
audit-report
Template and formatting guidelines for security audit reports. Provides consistent structure for findings, severity classification, ASVS mapping, and remediation recommendations.
network-engineering
Network architecture, troubleshooting, and infrastructure patterns. Use when designing network topologies, debugging connectivity issues, configuring load balancers, DNS, or implementing network security.
agentuity-cli-cloud-apikey-create
Create a new API key. Requires authentication. Use for Agentuity cloud platform operations
rails-security-best-practices
This skill should be used when the user asks about "Rails security", "SQL injection", "XSS", "CSRF", "authentication security", "authorization", "secure Rails", "security vulnerabilities", "OWASP", or discusses security concerns in Rails applications. Load this skill when reviewing code for security issues or implementing security features.
database-backup-restore
Automated SQLite database backup/restore system with validation, encryption, and migration safety. Supports point-in-time recovery, incremental backups, and disaster recovery. Use before risky operations, data migrations, or production deployments.
payment-security-clerk-billing-stripe
Implement secure payments using Clerk Billing and Stripe without ever touching card data. Use this skill when you need to set up subscription payments, handle webhooks, implement payment gating, understand PCI-DSS compliance, or integrate Stripe Checkout. Triggers include "payment", "Stripe", "Clerk Billing", "subscription", "PCI-DSS", "credit card", "payment security", "checkout", "webhook", "billing".
goth-providers
This skill should be used when the user asks to "add a provider", "configure google oauth", "set up microsoft login", "azure ad authentication", "oauth provider setup", "add social login", or needs help with specific OAuth provider configuration in Goth.
fastapi-zero-to-hero
Complete FastAPI API development framework for Python. Provides comprehensive assistance for building APIs with routing, authentication (JWT, OAuth2, Better Auth), Pydantic models, database integration, and deployment using uv package manager. Use when users ask to build FastAPI applications, implement authentication, create API endpoints, or develop backend services in Python.
aws-security-best-practices
Implement comprehensive AWS security controls and compliance
code-reviewing
Use when completing implementation, before escalating to human review, or when human checkpoint is reached - performs AI-assisted code review covering security, AI-specific issues, logic errors, and architecture to ensure humans see fresh analysis
nfr-assess
Assess non-functional requirements across 6 quality categories (Security, Performance, Reliability, Maintainability, Scalability, Usability) with measurable criteria, evidence-based evaluation, and automated checks. Scores each category, identifies gaps with severity ratings, and provides remediation guidance. Use during quality review to evaluate production readiness and NFR compliance.
vibe-coding-security-awareness-overview
Understand the security risks inherent in AI-generated code and vibe coding. Use this skill when you need to understand why AI generates insecure code, statistics on vulnerabilities, real-world breach examples, or overall security awareness for AI-assisted development. Triggers include "vibe coding security", "AI code security", "AI vulnerabilities", "security risks AI code", "why AI insecure", "AI security awareness", "AI generated code risks".
threat-modeling
Identify and analyze security threats. Use when designing systems, reviewing architecture, or assessing risk. Covers STRIDE methodology.
security-audit
Automated security audit for Justice Companion: validates encryption keys, GDPR compliance, input validation, and OWASP best practices. Use when implementing security features, before releases, or when asked about security posture.
cliftonsites-backend
Use this skill when working with the CliftonSites Supabase backend for any task including understanding database schemas, debugging issues, adding features, querying data, managing RPC functions, reviewing triggers/policies, working with the automation pipeline, security architecture (MFA authentication, RLS, SECURITY DEFINER functions, API route protection), or any database operation. Provides complete expertise on all 12 tables, 25 RPC functions, 5 triggers, RLS policies, SECURITY DEFINER functions, admin MFA authentication, internal API token validation, views, indexes, data flows, and Supabase MCP server operations.
dockerfile-optimizer
Create optimized Dockerfiles with multi-stage builds, layer caching, security best practices. Docker, Docker Compose. Keywords - dockerfile, docker optimization, multi stage build, docker best practices, container, image size, docker compose
Unnamed Skill
Package entire code repositories into single AI-friendly files using Repomix. Capabilities include pack codebases with customizable include/exclude patterns, generate multiple output formats (XML, Markdown, plain text), preserve file structure and context, optimize for AI consumption with token counting, filter by file types and directories, add custom headers and summaries. Use when packaging codebases for AI analysis, creating repository snapshots for LLM context, analyzing third-party libraries, preparing for security audits, generating documentation context, or evaluating unfamiliar codebases. | Use when: packaging a repo, packing a codebase, providing context for AI.
agentuity-cli-project-show
Show project detail. Requires authentication. Use for project management operations