Implements secure authentication patterns including login/registration, session management, JWT tokens, password hashing, cookie settings, and CSRF protection.
Reviews authentication and authorization implementation for session management, CSRF, cookie security, and auth flow vulnerabilities with findings, severity assessment, and fix…
Autonomous validation of authentication security. Checks password hashing, cookie configuration, CSRF protection, and session management for OWASP compliance.
Hunt for authorization bypass vulnerabilities including IDOR, privilege escalation, missing access controls, broken object-level authorization.
Automate database backup processes with scheduling, compression, and encryption. Supports PostgreSQL (pg_dump), MySQL (mysqldump), MongoDB (mongodump), and SQLite.
Use when the user mentions database schema review, migration safety, GRDB migration audit, or SQLite schema checking.
Use when working with ANY data persistence, database, storage, CloudKit, migration, or serialization.
Use when adding/modifying database columns, encountering "FOREIGN KEY constraint failed", "no such column", "cannot add NOT NULL column" errors, or creating schema migrations for…
Use when writing raw SQL queries with GRDB, complex joins, ValueObservation for reactive queries, DatabaseMigrator patterns, query profiling under performance pressure, or…
Use when working with ANY data persistence, database, axiom-storage, CloudKit, migration, or serialization.
Use when migrating from SwiftData to SQLiteData — decision guide, pattern equivalents, code examples, CloudKit sharing (SwiftData can't), performance benchmarks, gradual migration…
SQLiteData advanced patterns, @Selection column groups, single-table inheritance, recursive CTEs, database views, custom aggregates, TableAlias self-joins, JSON/string aggregation
Fetches Axis Bank transaction emails via Himalaya, categorizes them using notebook-style regex rules, stores them in SQLite, generates weekly and monthly dashboards from stored…
Language-agnostic backend patterns: API design, authentication, security, databases. Use when: designing APIs, implementing auth, securing endpoints, modeling data.
Ultimate 25+ years expert-level backend skill covering FastAPI, Express, Node.js, Next.js with TypeScript.
Type-safe database ORM for TypeScript/Node.js. Use when you need database access with full TypeScript integration — auto-generated types from schema, migrations, and query…
Covers D7 controllers based on Bitrix\Main\Engine\Controller and JsonController: actions, parameter auto-binding, ActionFilter filters (Authentication, Csrf, HttpMethod,…
Covers direct work with the Bitrix database: Application::getConnection(), Connection, MysqliConnection, SqlHelper, SqlExpression, raw SQL queries via…
Use when setting up a production database for Bknd. Covers SQLite file, LibSQL/Turso, Cloudflare D1, PostgreSQL, Neon, Supabase, and Xata configuration.
Use when preparing a Bknd application for production deployment. Covers security hardening, environment configuration, isProduction flag, JWT settings, Guard enablement, CORS,…
Bookkeeping system. Parses natural-language bookkeeping commands, writes them to a SQLite database, and syncs the Beancount ledger. Use when user wants to record expenses, check spending, query transaction history, or manage accounts.
Use this for SQL and NoSQL database design across MariaDB, MySQL, PostgreSQL, SQLite, MongoDB, indexing, transactions, migrations, constraints, query plans, and data correctness.
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for…
Red team engineering agent. Designs attack scenarios, builds threat models, applies MITRE ATT&CK/OWASP frameworks, runs Purple Team exercises, and performs AI/LLM red teaming.
Identify and exploit authentication and session management vulnerabilities in web applications. Broken authentication consistently ranks in the OWASP Top 10 and can lead to…
Index local coding-agent sessions into a searchable SQLite-backed view so you can inspect usage, compare failures, and recover prior context quickly.
Activates for any bug bounty, penetration testing, or vulnerability research request. Triggers on: "start recon on [target]", "check for IDOR/SSRF/XSS on [endpoint]", "map attack…
Use when integrating Drizzle ORM with Bun's SQLite driver for type-safe schema definitions and migrations.
Comprehensive Bun runtime expertise covering all major features. Use when working with Bun projects, migrating from Node.js, or leveraging Bun-specific APIs.
Use for bun:sqlite, SQLite operations, prepared statements, transactions, and queries.
Standards compliance assessment and gap analysis agent. Evaluates codebases against OWASP/WCAG/OpenAPI/ISO 25010 and other standards, detects violations, and provides actionable…
Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management.
Data persistence for CFN Loop - SQLite storage, Redis coordination, automatic memory persistence
Check compliance with OWASP Top 10 security risks and best practices. Use when performing comprehensive security audits.
OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments.
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security.
Discover, message, and coordinate AI coding agents (Claude Code, Codex CLI) running on the same machine via a shared Unix socket broker backed by SQLite.
Access Claude Code session logs (JSONL transcripts and SQLite FTS index) for cross-session context, handoff, and memory retrieval.
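Deploys the CLIProxyAPI + NewAPI combined stack on a Linux VPS, wrapping Codex/Claude/Gemini/Qwen and other subscription accounts as a billable OpenAI-compatible API. Handles NewAPI Docker deployment, container-to-host bridging, model billing ratios (ModelRatio/CacheRatio/CompletionRatio), SQLite…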
Automatically validates Cloudflare Workers security patterns during development, ensuring proper secret management, CORS configuration, and input validation
Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors,…
Pre-production security audit and vulnerability scanning. Run Snyk + Aikido dependency scans, OWASP analysis, and set up automated GitHub security checks with Jules.
Conducts comprehensive security code reviews including vulnerability detection (OWASP Top 10, CWE), authentication/authorization flaws, injection attacks, cryptography issues,…
Architect-level guidance, workflows, and scripts for building agentic coding systems with OpenAI Codex.
Claim tasks, record step progress, and verify SOP gates in the colony SQLite queue. Applies when your spawn message includes a db_path field.
Application security testing coordinator for common vulnerability patterns including XSS, injection flaws, and client-side security issues.
Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security
Cors Policy Validator - Auto-activating skill for Security Fundamentals. Triggers on: cors policy validator, cors policy validator. Part of the Security Fundamentals skill category.
Import memories from other AI memory systems into Cortex. Supports claude-mem (SQLite), Claude Desktop sessions, ChatGPT web export (JSON), Gemini Takeout (JSON), Cursor…
Craft CMS 5 plugin and module development — extending Craft with PHP. Covers the full extend surface: elements, element queries, services, models, records, project config,…
Debug CSRF token issues and authentication problems including 403 Forbidden errors, cookie issues, JWT tokens, OAuth flows, and session management.
Implement Cross-Site Request Forgery (CSRF) protection using tokens, SameSite cookies, and origin validation. Use when building forms and state-changing operations.
Csrf Protection Validator - Auto-activating skill for Security Fundamentals. Triggers on: csrf protection validator, csrf protection validator. Part of the Security Fundamentals…
Web exploitation techniques for CTF challenges. Use when solving web security challenges involving XSS, SQLi, CSRF, file upload bypasses, JWT attacks, Web3/blockchain exploits, or…
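Trigger this Skill when the user is taking part in a CTF competition or practice and encounters a Web-category challenge. Applicable scenarios include: - the user describes web security issues such as SQL injection, XSS, SSRF, SSTI, XXE, file inclusion, or command execution - the user needs to carry out pre-penetration work such as information gathering, directory scanning, or port scanning - the user encounters advanced attack scenarios such as PHP feature exploitation, deserialization, or JWT forgery - the user mentions…
Query the UNISIS S3 (Statistiques en Self-Service, self-service statistics) cubes of the Université de Lausanne via the `cube` CLI.
Use DalFox for XSS vulnerability scanning. Use when you need to detect reflected/stored/DOM XSS, analyze parameter injection points, or bypass a WAF. DalFox supports automatic parameter analysis, DOM mining, Blind XSS callbacks, WAF bypass, and automatic PoC generation. Any scenario involving XSS vulnerability detection, parameter testing, or WAF bypass should use this skill.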
Complete guide for using drift database library in Dart applications (CLI, server-side, non-Flutter).
Import Synnovator platform data from .synnovator/*.md files into SQLite database via SQLAlchemy models.
Production-grade SQL optimization for OLTP systems: EXPLAIN/plan analysis, balanced indexing, schema and query design, migrations, backup/recovery, HA, security, and safe…