Security patterns for web forms including autocomplete attributes for password managers, CSRF protection, XSS prevention, and input sanitization.
Static security analysis of HTML forms without sending any requests. Checks for CSRF tokens, insecure actions, missing validation, hidden field issues, and common security…
Manage the freshie ecosystem inventory database — a CMDB tracking all plugins, skills, packs, and compliance grades across 50 SQLite tables.
Ultimate 25+ years expert-level frontend skill covering Next.js, React, TypeScript, Tailwind CSS, styled-components, Redux, Zustand, Webpack, Vite, Parcel, Jest/Vitest testing,…
You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention.
Audit frontend codebases for security vulnerabilities and bad practices. Use when performing security reviews, auditing code for XSS/CSRF/DOM vulnerabilities, checking Content…
Expert in secure frontend coding practices specializing in XSS prevention, output sanitization, and client-side security patterns.
Implement data persistence using SQLite with Dapper, JSON files, or event sourcing. Use when: "database", "save data", "store", "CRUD", "create table", "query", "SQL", "SQLite",…
Generate repository class for SQLite data access with CRUD methods, row mapping, and TypeScript types. Use when creating new database tables or data access layers.
Quiz generator and runner for RAG knowledge. Commands: '/gerar-quiz-rag gerar' to generate questions from the RAG database and save them as JSON, '/gerar-quiz-rag iniciar' to run…
Security review for Go applications: input validation, SQL injection, authentication/authorization, secrets management, TLS, OWASP Top 10, and secure coding patterns.
Security best practices and vulnerability prevention for Golang. Covers injection (SQL, command, XSS), cryptography, filesystem safety, network security, cookies, secrets…
Build or incrementally update the code knowledge graph for a codebase. Uses Tree-sitter for multi-language AST parsing and stores nodes/edges in SQLite.
Secure GraphQL APIs - authentication, authorization, rate limiting, and validation
Self-service diagnostics — query Hope Agent's local SQLite databases (logs / sessions / async jobs) directly via the `exec` tool to investigate problems, analyze usage, and locate…
Monitors Hacker News for user-configured keywords, deduplicates against a local SQLite cache, and sends Slack alerts for new matching posts.
The official HashiCorp Vault MCP server lets AI assistants read, write, list, and delete secrets in Vault's KV engine through a safe, auditable MCP interface.
Automatic, 100% inline logging in Hermes Agent via sitecustomize.py, monkey-patching model_tools.handle_function_call and AIAgent.run_conversation.
When the user asks "cosa ricordi di X?", "dammi tutto su Y", "chi è Z?", "cosa abbiamo detto di W?", "ricostruisci ciò che sai di [Capitalized name or known alias]", call…
ANY mention of "memoria/memory/ricordi/ricordo/ricorda/ricordare/saved/stored" by the user MUST go to HippoAgent (hippo_* tools), NEVER to local file-system memory files…
Deep security audit (L1/L2/L3). Use before an external deploy, after adding auth, sensitive data or financial flows, or periodically as maintenance.
Build type-safe APIs with Hono for Cloudflare Workers, Deno, Bun, Node.js. Routing, middleware, validation (Zod/Valibot), RPC, streaming (SSE), WebSocket, security (CSRF,…
HuLa project skill for frontend (Vue 3 + Vite + UnoCSS + Naive UI/Vant), backend (Tauri v2 + Rust + SeaORM/SQLite), full-stack flows, and build/release work.
LLM Wiki pattern + Cognee-style hybrid memory: the trio of Vector (ChromaDB) + Graph (Neo4j/NetworkX) + Relational (SQLite).
Query macOS iMessage database (chat.db) via SQLite. Decode NSAttributedString messages, handle tapbacks, search conversations.
Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false
OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments.
Hunt for injection vulnerabilities including SQL injection, command injection, XSS, SSTI, path traversal, LDAP injection, and other input validation flaws.
Validate NoSQL injection vulnerabilities across MongoDB, Cassandra, CouchDB, Redis, and other NoSQL databases.
Input sanitization expert. Use for XSS prevention, encoding, validation and security headers.
Identifies and fixes XSS, SQL injection, and command injection vulnerabilities with validation schemas, sanitization libraries, and safe coding patterns.
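Comprehensive input validation and sanitization for web applications. Prevents input-based attacks such as XSS, SQL injection, command injection and path traversal through type-safe validation, allowlist filtering and context-aware encoding.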
Insecure Deserialization Checker - Auto-activating skill for Security Fundamentals. Triggers on: insecure deserialization checker, insecure deserialization checker Part of the…
Security review for iOS apps. Checks OWASP Mobile Top 10, App Transport Security and Keychain usage. Use when: asked about security, vulnerabilities, authentication, Keychain or ATS.
Drupal development and security patterns from Ivan Grynenko's cursor rules. Covers OWASP Top 10, authentication, access control, injection prevention, cryptography, configuration,…
Uses Claude CLI (WebSearch tool) to find new Data Science and Gen AI job postings across Bengaluru, Hyderabad, Mumbai, and Delhi NCR, scores them by relevance and location weight,…
Best practices for jQuery AJAX with JSON data handling including sending/receiving JSON, error handling, security (CSRF protection, XSS prevention), promise patterns, caching, and…
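CTF flag evaluation checklist. Use when you need to determine whether a CTF challenge is complete (whether the flag has been obtained), analyze why an attack failed, or provide precise guidance for the next attack step. Covers flag search and verification, vulnerability discovery assessment, exploitation assessment, flag location inference, and pattern matching for common challenge types (SQLi/LFI/RCE/IDOR/SSRF/deserialization).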
Use when a diff may introduce security risk — authZ, injection, secrets, unsafe deserialization, SSRF, XSS, mass assignment — dispatched by /review-changes, /do-and-judge, /judge.
Collects and queries data on official auctioneers from all 27 Juntas Comerciais of Brazil. Multi-state (multi-UF) scraper, SQLite database, FastAPI API and CSV/JSON export.
Use when creating FastAPI endpoints, implementing JWT authentication, handling encrypted payloads, adding audit logging, or applying OWASP security patterns to KeyArc API…
Generates comprehensive table-driven tests for go-kratos microservices using testify/mock and testify/assert.
Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment.
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
Security audit worker (L3). Scans codebase for hardcoded secrets, SQL injection, XSS, insecure dependencies, missing input validation.
Path-grounded multi-agent orchestration using the Liku directory hierarchy (skills.xml inheritance, todo.md + LikuErrors.md audit trail, SQLite memory).
Litestream is a streaming replication tool for SQLite databases that continuously replicates changes to S3, Azure, GCS, SFTP, or local storage.
LLM is a Python CLI tool and library by Simon Willison for accessing OpenAI, Anthropic Claude, Google Gemini, Meta Llama, and dozens of other language models from the terminal.
OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems.
Checks hardcoded secrets, SQL injection, XSS, insecure deps, input validation. Use when auditing security.
Use mbox-to-sqlite when an agent needs to work across an email archive as structured data instead of parsing one message at a time.
MemGPT-style virtual context load at the start of an 11.11 session. B-2 sprint Week 3 rewrite (2026-05-13): instead of the classic aggressive 15-20K-token cat, a **lean ~5K token**…
Fetch current documentation for libraries used in channelhub (Bun, grammy, MCP SDK, Playwright, bun:sqlite, etc.).
Data validation patterns covering schema validation, input sanitization, output encoding, and type coercion.
Migrating LWCs from Lightning Locker Service to Lightning Web Security (LWS) — flipping the org switch safely, identifying components likely to break, removing Locker workarounds…
Markdown sanitization order matters — marked.js then DOMPurify then Mermaid to prevent XSS
Autonomous mobile security audit aligned with OWASP MASTG v2. Performs checklist-driven analysis across MASVS categories: storage, crypto, network, platform, code, resilience,…
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments.
Move data into PostgreSQL with declarative load files, built-in type conversion, and repeatable migration runs before one-off import scripts become cutover risk.
Migrate a TinyBase table to SQLite. Use when asked to move a data domain (e.g. templates, vocabs) from the TinyBase store to the app SQLite database.