API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
Conventions for a schema-first standalone HTTP API service with no UI. Use when .claude/HARNESS.toml selects web/api-service, or when building a REST/GraphQL service where the…
API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications.
Tracks API spending across Anthropic, OpenAI, and Google keys with SQLite storage and daily Telegram digests
REST API for creating AI-powered video ads programmatically. Bearer token auth via API key, OAuth client_credentials, or OAuth Authorization Code (Connect flow).
Secure Apify API tokens, configure proxy access, and protect Actor data. Use when hardening API key management, setting up environment-specific tokens, or auditing Apify security…
End-to-end Android APK red-team pipeline — automated APK acquisition (Play Store + apkpure + apkmirror fallback), jadx decompilation, secret/URL/JWT/Firebase grep, pinned-cert…
Apply Apollo.io API security best practices. Use when securing Apollo integrations, managing API keys, or implementing secure data handling.
Verify code correctness before claiming done or committing. Run 6-dimension checklist: requirements coverage, concurrency safety, error handling, resource management, boundary…
Run a rigorous, repeatable, convergent audit of a codebase covering schema integrity, data flow, security, concurrency, resource bounds, spec compliance, operational readiness,…
يقدم مراجعة شاملة واحترافية للتطبيق من جميع النواحي (Frontend, Backend, Security, etc.). يقوم بتحليل الكود، فحص الثغرات الأمنية، تقييم الأداء، وتقديم تقارير مفصلة مع خطط عمل…
Manage Glide app access, privacy, authentication, and publishing. Use when configuring who can access an app, setting up sign-in methods, publishing apps, inviting users, or…
Drafts appellee response briefs for federal and state appellate courts, exploiting standards of review and record evidence to defend trial court decisions.
Salesforce AppExchange Security Review patterns for 2GP managed packages — what manual reviewers accept/reject, anti-patterns to avoid, fix recipes.
Configure AppFolio Stack API authentication with OAuth 2.0. Use when setting up property management API access, registering as an AppFolio Stack partner, or configuring client…
Comprehensive guide for Apple-platform data persistence: SwiftData, Core Data, CloudKit, UserDefaults, FileManager, and Keychain with migrations, sync patterns, and security.
Fast Apple Mail search via SQLite on macOS. Search emails by subject, sender, date, attachments - results in ~50ms vs 8+ minutes with AppleScript.
Export and convert Apple Notes to Markdown, JSON, HTML, and SQLite. Use when backing up notes, exporting to other apps, converting HTML to Markdown, or building searchable note…
Apply security best practices for Apple Notes automation scripts. Trigger: "apple notes security".
Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10.
USE FOR: Data security and information security formalization — CIA triad, access control models (BLP, RBAC, ABAC), information flow, cryptographic primitives, privacy…
USE FOR: Legal reasoning formalization — statutory interpretation, case-based reasoning, argumentation frameworks, defeasible rules, deontic norms, regulatory compliance, and…
Skills para trabalho de AppSec defensivo ponta-a-ponta. Inclui intake, threat modeling, code review, testes de seguranca, correcoes e entrega de relatorios.
Elite Application Security engineer specializing in secure SDLC, OWASP Top 10 2025, SAST/DAST/SCA integration, threat modeling (STRIDE), and vulnerability remediation.
Use when the user wants to audit Aptos Move smart contracts, scan Aptos-specific patterns including global storage model, resource accounts, or coin modules, review Aptos DeFi…
Schreibt arc42 Sektion 8 (Querschnittliche Konzepte): Übergreifende Lösungsansätze, Muster, Regeln, Domänenmodelle, technische Konzepte.
Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection. — from security/security-misc
Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection. — from security/security-misc
Run 5 critique axes on an ARCHITECTURE.md — NFR-architecture fit, failure modes, cost stress-test, security posture, operability. Reports severity-tagged findings.
Design comprehensive security architectures using defense-in-depth, zero trust principles, threat modeling (STRIDE, PASTA), and control frameworks (NIST CSF, CIS Controls, ISO…
Ensure every project remains compliant with these standards, use the built-in `linter` tool. It scans codebase for violations of the architecture rules using AST parsing.
Strategic agentic instruction set for elite system architecture and enterprise-grade security, focused on autonomous problem-solving and proactive verification.
灾备恢复演练系统 - 定期的备份恢复测试与改进: 1. 全局考虑:覆盖演练计划、执行、评估、改进全流程 2. 系统考虑:计划→执行→验证→报告→改进闭环 3. 迭代机制:根据演练结果优化灾备策略 4. Skill化:标准接口,可按层级独立演练 5. 流程自动化:定时自动执行恢复演练
Core Archon DID toolkit - identity management, verifiable credentials, encrypted messaging (dmail), Nostr integration, file encryption/signing, aliasing, authorization…
[COMMUNITY] Generate a Canada Charter rights design review — s.2 (expression and association), s.7 (life, liberty, security of person), s.8 (search and seizure), s.15 (equality) —…
[COMMUNITY] Generate a Canada Security of Information Act handling plan — Special Operational Information (SOI) register, marking and handling matrix, transmission channels,…
[COMMUNITY] Assess compliance with ANSSI security recommendations — Guide d''hygiène informatique (42 measures) and cloud security recommendations
[COMMUNITY] Generate an Information System Security Policy (PSSI) for French public or private organisations — security objectives, principles, organisational structure, and…
Verbessert prozessuale Argumentation in Klage, Erwiderung, Replik, Berufung, Eilantrag oder Mandatsmemo.
Produces build artifacts with Software Bill of Materials (SBOM) and supply chain metadata for security and compliance.
Produces build artifacts with Software Bill of Materials (SBOM) and supply chain metadata for security and compliance.
Set up bundle IDs, capabilities, signing certificates, provisioning profiles, and encrypted signing sync with the asc cli.
Generate ASCII-only MOTD / SSH login banner / shell profile welcome messages (short/long variants, quiet mode guidance, security notices).
AshAuthentication guidelines for implementing authentication in Ash Framework. Use when adding password, magic link, API key, or OAuth2 authentication strategies.
Tunable response-shortening skill for Claude Code. Trims filler from prose to reduce output tokens 30–55% while preserving grammar and code fidelity.
Complete ASP.NET Core REST API development with best practices, security, testing, and deployment patterns
Apply AssemblyAI security best practices for API keys, PII, and access control. Use when securing API keys, implementing PII redaction, or configuring temporary tokens for…
Sinh TOML semantic index cho ảnh/video raw để các skill phía sau map vào kịch bản. Ưu tiên đọc từ asset-index SQLite vector DB (mỗi file gọi Gemini đúng 1 lần trong toàn bộ…
Equips asset-guardian with the Universal Asset Registry — the 19-asset taxonomy (Features, Pages, Routes, Surfaces, Controls, Displays, Layouts, NavEntries, DesignTokens, Icons,…
Audit, tái cấu trúc và sửa lỗi AssetCore — kiểm tra production-readiness toàn module (BE 3-tier, FE views, workflow, fixtures, tests, docs, permissions, audit trail), đồng thời…
Generate assisted PRs to correct Security Group ownership for first-party apps flagged by S360 tenant-isolation policy (SFI-TI3.2.2)
Execute automate SOC 2 audit preparation including evidence gathering, control assessment, and compliance gap identification.
Assume AWS IAM role for CloudFormation operations and set temporary credentials as environment variables.
Use when analyzing complex codebases for security vulnerabilities, performance issues, and structural patterns - provides systematic AST-based approach using ast-grep for…
Security patterns for Astro lead generation websites on Cloudflare. Forms, headers, bot protection, GDPR. Use for any production lead gen site.
OWASP ASVS 5.0 requirements database for security audits. Provides chapter structure, control objectives, and verification requirements for all 17 ASVS domains.
Enforce lint, formatting, typing, testing, and security hygiene across the ATFT-GAT-FAN codebase.
Use when reviewing code changes against a plan. Provide: plan/spec doc; git range or changed files (eg, branch...HEAD). Returns P1/P2/P3 on alignment, quality, bugs, security.
Security audits, vulnerability analysis, and security best practices enforcement — from ajstack22/StackMap
Security audits, vulnerability analysis, and security best practices enforcement — from majiayu000/claude-skill-registry