Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude

Claude Security Skills (Page 17 of 104)

Security auditing, penetration testing, vulnerability scanning, OWASP, cloud security, and compliance skills for Claude Code.

6,191 skills · updated 2026-06-16 · showing 961–1020 of 6,191 by quality score

Sub-topics: Web Security (751), Threat Hunting (476), Red Team (453), Identity Access (329), Network Security (284), Appsec Tools (280), Compliance (159), Malware Analysis (138)


Auditing and updating npm dependencies to prevent security vulnerabilities in TypeScript projects
Use when reviewing a Dependabot (or similar) dependency-bump PR — npm/pnpm minor/patch group bumps or GitHub Actions SHA bumps — and you need to do a supply-chain audit before…
Auditing Google Cloud Platform IAM permissions to identify overly permissive bindings, primitive role usage,
Conducts HIPAA compliance assessments with Privacy Rule, Security Rule, and Breach Notification analysis.
Audits the fit between a model's reasoning capability and the complexity of the context it receives. Use when an AI system is underperforming despite good retrieval, when teams…
Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous
Runs KiCad DRC/ERC checks, exports gerbers and BOM, and generates a structured findings report. Use when reviewing PCB designs, running design rule checks, or preparing…
Audits notification permission request flows. Use when reviewing or improving permission prompts, settings paths, or denial handling.
Audits the project for consistency issues that may arise from manual editing. Checks package scripts, tsconfig paths, README tables, and other conventions.
Audit README.md files against best practices for repos, accounts, or orgs. Detects missing sections, stale links, inconsistent formatting, and convention violations.
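Use when targeting 《审计研究》 (Auditing Research, an authoritative core bimonthly auditing journal supervised by the National Audit Office and sponsored by the China Audit Society, with anonymous peer review and no page charges) or deciding whether a Chinese auditing manuscript fits this venue.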
Use when reviewing website copy, SEO titles/descriptions, marketing content, or public messaging - applies Anil Dash's shareability framework to ensure others can authentically…
Canonical home for utilities shared across the auditing-* skill families (auditing-cc-configs, auditing-skills, auditing-subagents, auditing-context-files, and — as of ADR-0042 in…
Audits optimizer table statistics for staleness, missing coverage, and data quality issues using SHOW STATISTICS.
Use when running a technical SEO audit, debugging Core Web Vitals regressions, checking indexability, validating schema and sitemaps, diagnosing why a site isn't ranking, or…
Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and
Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains
Use when checking if beads-superpowers is outdated, before a plugin release, or when auditing for missing capabilities — covers upstream drift, test execution, documentation,…
Audit wallet security by analyzing token approvals, permissions, and transaction patterns. Use when checking wallet security, reviewing approvals, or assessing risk exposure.
Audits website accessibility for WCAG 2.1 AA compliance, generating findings and code fixes. Use when reviewing accessibility, keyboard navigation, screen reader compatibility, or…
Audits website usability for UX optimization, covering forms, navigation, validation, and microcopy. Use when reviewing user experience, task completion flows, or interface…
Generate and administer interactive knowledge quizzes for security auditors based on repository documentation and code.
Sonnet Amplified fullstack engine. 34 modes, SEC-01~15 OWASP security, 13 runtime hooks, 75% token reduction. Install: npx @smorky85/aurakit
In-depth skill for audit trail approvals. Guides through intake, legal framework, evidence status, risk traffic-light rating, documentation, approval, and next steps in foreign trade, customs…
Modern authentication and security patterns for web applications. Expert in JWT tokens, OAuth2 flows, session management, RBAC, MFA, API security, and zero-trust architectures.
Review and analyze authentication and authorization patterns for security vulnerabilities.
Detect authentication and authorization bypass vulnerabilities including missing auth middleware, JWT algorithm confusion, IDOR, and session fixation.
Use when reviewing auth callbacks and edge API routes for state validation, randomness quality, rate limiting, token and cookie handling, and security-signal triage in this…
Better Auth integration specialist for user authentication, sessions, and security management
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems.
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems.
Implements secure authentication patterns including login/registration, session management, JWT tokens, password hashing, cookie settings, and CSRF protection.
Authentication and authorization patterns - JWT, OAuth2, sessions, RBAC, ABAC, passkeys, and MFA. Use for: authentication, authorization, jwt, oauth, oauth2, session, login, rbac,…
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems.
OAuth 2.1 + JWT authentication security best practices. Use when implementing auth, API authorization, token management. Follows RFC 9700 (2025).
OAuth 2.1, JWT (RFC 8725), encryption, and authentication security expert. Enforces 2026 security standards.
JWT authentication with Better Auth, token verification, user isolation, and security middleware. Use when implementing auth, protecting endpoints, or verifying tokens.
Reviews authentication and authorization implementation for session management, CSRF, cookie security, and auth flow vulnerabilities with findings, severity assessment, and fix…
Autonomous validation of authentication security. Checks password hashing, cookie configuration, CSRF protection, and session management for OWASP compliance.
Security-first authentication, authorization, and session management architect for modern web + mobile apps using Supabase Auth.
Authentication and authorization expert for OAuth, sessions, JWT, MFA, and identity security. Use when "authentication flow, login system, oauth integration, jwt tokens, session…
Authentication system design and implementation guidance with Python examples using strict typing. Use when: (1) Designing authentication flows (signup, login, logout, refresh),…
Guidelines for implementing Auth0 authentication with best practices for security, rules, actions, and SDK integration
Production-grade authentication & authorization covering JWT, cookies, sessions, hashing, MFA, OAuth2, RBAC, and permissions across all frameworks (Next.js, Express.js, F — from…
OAuth 2.1 compliant authentication flows (MANDATORY Q2 2026). PKCE required for ALL clients, Implicit Flow removed, modern token security.
Manages authentication flow for MutuaPIX (Laravel Sanctum + Next.js), handles mock mode security, and validates environment configurations
Expert guidance on authentication implementation including OAuth 2.0/OIDC, JWT tokens, session management, and secure password handling.
Comprehensive authentication implementation guidance including JWT best practices, OAuth 2.0/OIDC flows, Passkeys/FIDO2/WebAuthn, MFA patterns, and secure session management.
[STUB - Not implemented] Authentication security including JWT validation, session management, and OAuth2/OIDC flows. PROACTIVELY activate for: [TODO: Define on implementation].
Design and implement authentication and authorization systems. Use when setting up user login, JWT tokens, OAuth, session management, or role-based access control.
Production-grade authentication & authorization covering JWT, cookies, sessions, hashing, MFA, OAuth2, RBAC, and permissions across all frameworks (Next.js, Express.js, F — from…
Author a new Cody skill and ship it end-to-end. Writes skills//SKILL.md, commits on the secret-agent-skills-bank branch (Cody's own branch), and fast-forwards main to the…
Hunt for authorization bypass vulnerabilities including IDOR, privilege escalation, missing access controls, broken object-level authorization.
Automated IT helper for detecting and fixing code issues. Use when code fails tests, linting, type-checking, or has security vulnerabilities.
Automate database backup processes with scheduling, compression, and encryption. Supports PostgreSQL (pg_dump), MySQL (mysqldump), MongoDB (mongodump), and SQLite.
Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context using
Interactive workflow design advisor for Power Automate, n8n, Make, Zapier and other platforms. Guides users through planning automation workflows with smart questions about…
Workflow builder for Power Automate, n8n, Make, Zapier and other platforms. Generates complete, production-ready workflow JSON from implementation plans or requirements.
Expert automation platform error debugger for Power Automate, n8n, Make, Zapier and other workflow platforms.
Automation workflows with n8n: nodes, triggers, credentials, self-hosted deployment, and integrations.