Claude Code Skills·Claude Skills·The open SKILL.md registry for Claude
Web Security (Page 6 of 8)

479 Claude Code skills in the Web Security sub-category of Security.

479 skills · updated 2026-05-27 · showing 301–360 of 479 by quality score

Keep searchable long-term memory for coding agents in a local SQLite store and expose it through MCP when sessions keep forgetting prior decisions, conventions, and useful…
Searches and downloads royalty-free images from Pexels API with smart filtering by orientation, color, and size.
Run EXPLAIN QUERY PLAN against every query in a sqlc-style catalog and diff the plans against a baseline.
PocketBase is an open-source Go backend that ships as a single portable executable. It includes an embedded SQLite database with realtime subscriptions, built-in file and user…
Validates PopKit security posture using concrete vulnerability patterns, automated secret scanning, and OWASP-aligned checklists
Forked-context deep post-task reviewer — preloads verdict schema + OWASP security + deep code analysis + PM/docs accuracy + replan lens.
Security design principles — trust boundaries and input validation, authentication vs authorization, secrets handling, secure defaults and defense in depth, lightweight threat…
You are an expert in Prisma ORM with deep knowledge of schema design, migrations, query optimization, relations modeling, and database operations across PostgreSQL, MySQL, and…
OWASP ZAP/Burp Suite/Nuclei integration, penetration test planning, DAST execution, and vulnerability scanning.
Use when implementing project state detection, designing STATE.md/TASKS.md templates, or configuring SQLite state store and MCP state protocol
TspoonBase — a TypeScript backend-as-a-service with SQLite, auth, realtime, file storage, AI tools, vector search, and Admin UI.
Security scanning templates and checklists for OWASP Top 10, authentication, authorization, data protection. Use when conducting security testing or vulnerability assessment.
Launch quality subagents in parallel using Claude Code 2.1+ native Task tool. Includes ralph-security for OWASP validation and ralph-frontend for WCAG checks.
Quarkus Security best practices for authentication, authorization, JWT/OIDC, RBAC, input validation, CSRF, secrets management, and dependency security.
Performs security audits and vulnerability assessments on Ruby on Rails application code. Use when reviewing Rails code for security risks, assessing authentication or…
Build SQLite-backed reactive UI in `apps/desktop` using stable patterns for reads, selection, forms, writes, and loading states.
Recettix: skill for acceptance testing and validation of the deliverables of a TypeScript business application. Covers: contractual acceptance test plan, Gherkin acceptance criteria, sets of…
Brainstorm recipe ideas, suggest complete recipes in Swedish, and save new recipes to the SQLite database.
Analyzes and classifies a GitHub repository via the repo-radar CLI (SQLite + LLM), recording the verdict in PROJECT_EVALUATIONS.md
Take a suspected injectable request, replay it on an authorized target, confirm the finding, and enumerate reachable database actions before manual follow-up.
Run a layered quality gate over a code change — code quality, security audit, and architecture consistency, in that order.
Master skill for the Robot Bi project. Combines TDD, diagnosis loop, security audit, git safety, UI prototyping, and session hygiene, all calibrated for the codebase…
Create Goods Receipts (Material Documents) in SAP S/4HANA Cloud Public or on-prem private edition via OData V2 A_MaterialDocumentHeader deep-insert at API_MATERIAL_DOCUMENT_SRV.
Create supplier (AP) invoices in SAP S/4HANA Cloud Public or on-prem private edition via the SOAP A2X "Supplier Invoice ERP Create Request" service.
Create purchase orders (POs) in SAP S/4HANA Cloud Public or on-prem private edition via the OData V2 A_PurchaseOrder deep-insert at API_PURCHASEORDER_PROCESS_SRV.
Update existing records in SAP S/4HANA Cloud Public or on-prem private edition via OData V2 PATCH. Use whenever the user wants to update, change, edit, modify, patch, set, rename,…
Security checklist specifically for SaaS applications built with Next.js, Supabase, and Stripe. Covers authentication hardening, Row Level Security, Stripe webhook verification,…
Detect Insecure Direct Object Reference (IDOR) vulnerabilities in a codebase using a three-phase approach: recon (find candidates), batched verify (check authorization in parallel…
Detect SQL injection vulnerabilities in a codebase using a three-phase approach: recon (find unsafe SQL construction sites), batched verify (trace user input to those sites in…
Detect Server-Side Request Forgery (SSRF) vulnerabilities in a codebase using a three-phase approach: recon (find outbound call sites), batched verify (trace user input to…
Detect Cross-Site Scripting (XSS) vulnerabilities in a codebase using a three-phase approach: recon (find HTML/JS/DOM sink sites), batched verify (trace user input to sinks in…
Detect XML External Entity (XXE) vulnerabilities in a codebase using a three-phase approach: recon (find XML parsing sites without external-entity hardening), batched verify…
Clickjacking and UI redressing detection — missing frame protection headers and CSP frame-ancestors
Cross-Site Request Forgery detection — missing tokens, SameSite misconfiguration, and CORS-CSRF interaction
Path traversal and directory traversal detection — LFI, RFI, zip slip, and symlink attacks
SQL Injection detection across all variants — classic, blind, time-based, second-order, and UNION-based
Cross-Site Scripting detection for Reflected, Stored, and DOM-based XSS across all frameworks
Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE,…
Index coverage and N+1 review aids for SQLite/D1 schemas with a sqlc catalog. Surfaces unused indexes (with FK CASCADE awareness so cascade-load-bearing indexes are not flagged),…
Unified dataset-discovery API across 7 scientific repositories — OpenNeuro + DANDI + PhysioNet (neuroscience, BIDS + NWB), Zenodo + Scientific Data (general), GEO (gene…
Relational-DB wrapper for scientific Python — `SQLite3` and `PostgreSQL` classes composed from a dozen shared mixins (connection, transaction, query, schema, index, row/batch ops,…
Explains the Prisma ORM and SQLite-based database schema, model relations, migration processes, and data management of the SCX-Studio-Pro project.
Planning-only skill for SDD projects. SDD builds **web apps** on Django + htmx + SQLite + Pico.css in Docker — one stack, the only one.
Full-stack security posture assessment with 0-100 risk scoring. Scans dependency vulnerabilities (npm audit, pip-audit, cargo audit, govulncheck), dangerous code patterns (SQL…
Build and ship features with security baked in — runs OWASP Top 10 pre-scan, builds and ships with /ship, validates with post-build security review, then penetration tests the…
Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC…
API security hardening: rate limiting, input validation, security headers, CORS, protection against common attacks.
Security Architect: Security by Design for the entire development process. 4 modes: DESIGN (threat modeling during ideation/planning), REVIEW (security check on code changes),…
Security payloads, bypass tables, wordlists, gf pattern names, always-rejected bug list, and conditionally-valid-with-chain table.
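Guides security reviews and vulnerability assessments following OWASP standards. When to use: security audits, vulnerability checks, secure coding reviews, threat modeling. Keywords: security, OWASP, vulnerability, authentication, authorization, 安全, 漏洞, 认证.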
Security audit methodology and checklist for codebases. Use when performing security reviews, auditing a project for vulnerabilities, or hardening an application before…
[METHODOLOGY] Comprehensive security analysis against OWASP Top 10 standards (authentication, user input, database queries, external APIs). Preloaded by security-auditor agent.
Application security agent that audits code for OWASP Top 10 vulnerabilities, hardcoded secrets, and common security flaws.
Basic security in implementation: input validation (Zod), secrets management, safe errors, auth/authz patterns, XSS/injection prevention, dependency audit, secure…
Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies.
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply…
OWASP-based security checklist any agent can reference when reviewing or writing code
Security specialist perspective for the weekly review. Focuses on XSS/CSRF, authorization boundaries, input validation, secrets handling, and dependency CVEs.
Auto-invoke when reviewing authentication, authorization, input handling, data exposure, or any user-facing code. Enforces OWASP top 10 awareness and security-first thinking.
Application security expert for detecting vulnerabilities, auditing code, and guiding security best practices.