Skills your agents can run

Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.

Use when configuring Fnox providers for encryption and secret storage. Covers age encryption, cloud providers (AWS, Azure, GCP), and password managers.

Scan codebase for secrets, API keys, credentials, and PII. Detect hardcoded sensitive data. Use when auditing for secrets, checking for exposed keys, reviewing security, or scanning for PII.

Secure authentication implementation patterns. Use when implementing user login, registration, password reset, session management, JWT authentication, or OAuth integration. Provides production-ready patterns that avoid common tutorial pitfalls like insecure token storage, weak password hashing, and session fixation.

Review AI API key leakage patterns and redaction strategies. Use for identifying exposed keys for OpenAI, Anthropic, Gemini, and 10+ other providers. Use proactively when code integrates AI providers or when environment variables/keys are present. Examples: - user: "Check for leaked OpenAI keys" → scan for `sk-` patterns and client-side exposure - user: "Is my Gemini integration secure?" → audit vertex AI config and key redaction - user: "Review AI provider logging" → ensure secrets are redacted from logs - user: "Scan for Anthropic secrets" → check for `ant-` keys in code and configs - user: "Audit Vertex AI integration" → verify proper IAM roles and service account usage

Use when essential PHP security patterns including input validation, SQL injection prevention, XSS protection, CSRF tokens, password hashing, secure session management, and defense-in-depth strategies for building secure PHP applications.

Guide for Direct Memory Access (DMA) attack techniques using FPGA hardware. Use this skill when researching PCIe DMA attacks, pcileech, FPGA firmware development, or hardware-based memory access for game security research.

ONVIF device security scanner for testing authentication and brute-forcing credentials. Use when you need to assess security of IP cameras or ONVIF-enabled devices.

Manage users and apps via OneLogin API. Handle SSO and identity management.

Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.

Let agents request OAuth access from end users via short links, continue working asynchronously, and later claim reusable third-party API tokens from local keychain storage instead of a centralized SaaS token vault.

Sicherheit & DSGVO - Atoll Tourisme. Use when reviewing security, implementing auth, or hardening code.

Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or undertaking research into protection mechanisms.

Guide authorized penetration testing engagements using PTES methodology. Covers reconnaissance, vulnerability scanning, exploitation, post-exploitation, and professional reporting. Requires explicit authorization before any testing activity.

Unified application security skill for Coding Agent systems like OpenCode. Use when reviewing or writing code that touches authentication, authorization, user input, payments, database access, secrets, deployment, dependencies, or AI/agent workflows. Includes OWASP Top 10 (2025), ASVS 5.0 highlights, agentic AI security, vibe‑coded pitfalls, insecure defaults detection, supply chain risk signals, and CI/CD agent action hardening.

Senior Information Security Manager specializing in ISO 27001 and ISO 27002 implementation for HealthTech and MedTech companies. Provides ISMS implementation, cybersecurity risk assessment, security controls management, and compliance oversight. Use for ISMS design, security risk assessments, control implementation, and ISO 27001 certification activities.

Sage wallet authentication and key management. Login/logout, generate mnemonics, import/delete keys, manage wallet identities.

Scan installed plugins and skills for security risks including malicious code AND malicious natural-language instructions. Use /security-scanner to audit before installation.

Phishing simulation campaign execution and analysis for security awareness assessment

Detects API keys, passwords, and secrets in code before they reach git. Use before commits, when working with credentials, or when user mentions "security check" or "secrets".