Use when managing Connected Apps for integration purposes — configuring OAuth policies, IP restrictions, refresh token expiry, and monitoring connected app usage.
Guide for creating new OAuth-based integrations in the Orient codebase. Use when adding external service integrations (APIs like Linear, GitHub, Slack, Notion, etc.), implementing…
Use when designing a reusable integration layer in Salesforce that serves multiple external APIs through a shared callout infrastructure.
Architecture-layer guidance for securing Salesforce integrations: mTLS mutual authentication, OAuth 2.0 flow selection, API gateway placement, IP allowlisting strategy on…
Install and configure Intercom API authentication with access tokens or OAuth. Use when setting up a new Intercom integration, configuring API credentials, or initializing the…
Apply Intercom security best practices for tokens, webhook verification, and scopes. Use when securing access tokens, implementing webhook signature validation, or configuring…
Design and implement Salesforce Login Flows (Screen Flows assigned to profiles or Experience Cloud sites) that run post-authentication to enforce conditional MFA, IP-based…
Use John the Ripper for offline password cracking. Use when hashes need to be cracked (MD5/SHA/NTLM/Kerberos/ZIP/RAR/PDF/SSH key, etc.). John supports automatic hash-type detection, dictionary attacks, rule-based mangling and incremental brute force, and ships the *2john toolchain for extracting hashes from various formats. Use this skill for any scenario involving offline password cracking, hash recovery or password auditing.
Centralized JSON validation for AGENT_SUCCESS_CRITERIA with defensive parsing and injection attack prevention (CVSS 8.2)
Audit JWT implementation for algorithm confusion, secret weakness, claim validation issues, and token handling vulnerabilities. Use when reviewing authentication systems using JWT.
Comprehensive JWT authentication expert for senior developers (10+ years experience). Intelligently detects project language/framework and implements production-ready JWT auth…
Guidelines for implementing JWT authentication with security best practices for token creation, validation, and storage
JWT Token Validator - Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator. Part of the Security Fundamentals skill category.
Provides comprehensive KeyCloak administration guidance including realm management, user/group administration, client configuration, authentication flows, identity brokering,…
OpenStack Keystone identity service skill for deploying, configuring, operating, and troubleshooting the authentication and authorization backbone of an OpenStack cloud.
Apply Klaviyo security best practices for API key management and access control. Use when securing API keys, configuring OAuth scopes, implementing webhook signature verification,…
Kubernetes security policies, RBAC, and Pod Security Standards for hardened cluster deployments. Use when implementing cluster security, defining network policies, or enforcing…
libsecret - Secret generation and environment utilities. generateSecret creates cryptographically random secrets. generateSecretB64 creates base64url-encoded secrets.
Configure enterprise role-based access control for Lindy AI workspaces. Use when setting up team permissions, managing workspace access, or implementing enterprise security…
Secure API key management, OAuth best practices, and webhook verification for Linear integrations. Trigger: "linear security", "linear API key security", "linear OAuth", "secure…
Authentication and authorization patterns including OAuth2, JWT, RBAC/ABAC, session management, API keys, password hashing, and MFA.
Madrid Protocol (WIPO) and international registration: DE/EU as the basic mark, subsequent designations for US/JP/CN/GB, Section 66(a) application at the USPTO, central attack period of 5…
Interpret and use `mcpjam` probe, doctor, OAuth, apps conformance, tools, resources, and prompts output conservatively against MCP 2025-11-25.
Plan and operate Salesforce org-wide multi-factor authentication (MFA) enforcement: verification methods, phased rollout, SSO and API-only considerations, exemptions, and…
Apply Miro REST API v2 security best practices — OAuth scope minimization, token storage, webhook signature validation, and secret rotation.
Use when hardening MongoDB authentication, authorization, encryption, and audit after the data model and PII classification exist and security and data-architecture have set the…
Multi-tenant architecture with a tiered approach (Shared/Dedicated Schema/DB), RBAC/ABAC, field-level encryption.
Named Credentials and External Credentials configuration for secure outbound callouts: per-user vs per-org authentication, legacy vs enhanced Named Credentials, external…
Set up OAuth 2.0 authentication for the Navan REST API. Use when configuring a new Navan integration or rotating API credentials.
Secure Navan API credentials with OAuth 2.0 best practices, SSO/SAML, and SCIM provisioning. Use when hardening a Navan integration, rotating credentials, or configuring identity…
Programmatic security management in Neo4j — RBAC/ABAC, user lifecycle (CREATE/ALTER/DROP USER),
Apply Notion API security best practices for integration tokens, OAuth2 flows, least-privilege capabilities, and page-level access control.
Brokers credentials for downstream services (OpenAI, Anthropic, GitHub, Lark, custom APIs, SSH, MCP) so the agent never sees raw API keys or OAuth tokens.
Reference skill for Zoom authentication. Use after routing to an auth workflow when choosing app credentials, grant types, scopes, token refresh behavior, or debugging Zoom OAuth…
OAuth Callback Handler - Auto-activating skill for API Integration. Triggers on: oauth callback handler. Part of the API Integration skill category.
OAuth Client Setup - Auto-activating skill for API Integration. Triggers on: oauth client setup. Part of the API Integration skill category.
OAuth 2.0 and OpenID Connect expert for authorization flows, PKCE, and token management
Implements OAuth 2.0 and OpenID Connect authentication flows with proper security, token management, and common provider integrations.
Use when choosing or reviewing Salesforce OAuth flows and connected-app policy for integrations, including client credentials, JWT bearer, authorization code, device flow, scopes,…
Guidelines for implementing OAuth 2.0 and OAuth 2.1 authentication flows with security best practices and PKCE
Design Connected App OAuth callback URLs, My Domain naming, Enhanced Domains cutover, and cross-environment redirect handling.
Use when work depends on how Salesforce OAuth access and refresh tokens are issued, refreshed, rotated, revoked, or introspected for a Connected App or API client—including…
Inspects and debugs OAuth 2.0 authorization flows including PKCE, client credentials, and device code grants.
OAuth2 Flow Helper - Auto-activating skill for Security Fundamentals. Triggers on: oauth2 flow helper. Part of the Security Fundamentals skill category.
Active Directory attack methodology for internal network red team engagements. Covers reconnaissance (BloodHound, PowerView, ADExplorer), credential abuse (Kerberoasting,…
JWT attack methodology for penetration testers. Covers algorithm confusion (alg:none, RS256→HS256), weak HMAC secret brute force, kid parameter injection (SQLi, path traversal),…
Time-of-Check / Time-of-Use (TOCTOU) race condition exploitation methodology across binary, kernel, filesystem, web, and container layers.
Expertise in evaluating Okta configurations for compliance — policies, MFA, session management, admin accounts, lifecycle. Maps to FedRAMP/NIST/SOC2/PCI identity controls.
Install and configure Palantir Foundry SDK authentication with OAuth2 or token auth. Use when setting up a new Foundry integration, configuring API credentials, or initializing…
Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised
Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust
Conduct a focused Active Directory penetration test to enumerate domain objects, discover attack paths with BloodHound,
Assess Active Directory security posture using PingCastle, BloodHound, and Purple Knight to identify misconfigurations,
Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords
Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations,
Perform Porter's Five Forces analysis — competitive rivalry, supplier power, buyer power, threat of substitutes, and threat of new entrants.
Steps for installing and configuring Provider ID OAuth (via Health ID / moph.id.th) with Auth.js (next-auth v5) in the Next.js App Router, covering: package installation, creating the Login button,…
Create Microsoft Entra Agent Identity blueprints, principals, and agent identities with the right beta Graph permissions, sponsor rules, and sidecar-based auth patterns.
Audit codebases for cross-industry regulatory compliance across SOX, GDPR, HIPAA, PCI-DSS, CCPA/CPRA, FedRAMP, FISMA, COPPA, and FERPA.