OAuth
AuthCommonly used with
Skills using OAuth (660)
google-play-console
Google Play Store publishing and management expertise
api-security-testing
API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
dotnet-backend
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
adobe-advanced-troubleshooting
Apply advanced debugging techniques for Adobe API issues: IMS token introspection, Firefly job failure analysis, PDF Services error codes, and network-layer diagnostics for Adobe endpoints. Trigger with phrases like "adobe hard bug", "adobe mystery error", "adobe impossible to debug", "difficult adobe issue", "adobe deep debug".
adobe-architecture-variants
Choose and implement Adobe architecture blueprints: standalone SDK integration, Adobe App Builder serverless, and dedicated microservice with event-driven Firefly/PDF pipelines. Decision matrix based on team size and throughput. Trigger with phrases like "adobe architecture", "adobe blueprint", "adobe app builder vs standalone", "adobe microservice".
adobe-local-dev-loop
Configure Adobe local development with App Builder CLI, Runtime actions, hot reload, and mock testing for Firefly/PDF/Photoshop APIs. Use when setting up a development environment, configuring test workflows, or establishing a fast iteration cycle with Adobe APIs. Trigger with phrases like "adobe dev setup", "adobe local development", "adobe dev environment", "develop with adobe", "aio app".
adobe-security-basics
Apply Adobe security best practices for OAuth credentials, secret rotation, I/O Events webhook signature verification, and least-privilege scoping. Use when securing API credentials, implementing webhook validation, or auditing Adobe security configuration. Trigger with phrases like "adobe security", "adobe secrets", "secure adobe", "adobe credential rotation", "adobe webhook signature".
appfolio-core-workflow-a
Build property management dashboard with AppFolio API data. Trigger: "appfolio property dashboard".
appfolio-install-auth
Configure AppFolio Stack API authentication with OAuth 2.0. Use when setting up property management API access, registering as an AppFolio Stack partner, or configuring client credentials for API calls. Trigger: "install appfolio", "setup appfolio", "appfolio auth", "appfolio API key".
attio-install-auth
Set up Attio REST API authentication with access tokens or OAuth 2.0. Use when configuring API keys, setting token scopes, initializing the Attio client, or connecting an app via OAuth. Trigger: "install attio", "setup attio", "attio auth", "attio API key", "attio OAuth", "attio access token".
building-api-authentication
Build secure API authentication systems with OAuth2, JWT, API keys, and session management. Use when implementing secure authentication flows. Trigger with phrases like "build authentication", "add API auth", or "secure the API".
building-api-gateway
Create API gateways with routing, load balancing, rate limiting, and authentication. Use when routing and managing multiple API services. Trigger with phrases like "build API gateway", "create API router", or "setup API gateway".
canva-advanced-troubleshooting
Apply Canva Connect API advanced debugging for hard-to-diagnose issues. Use when standard troubleshooting fails, investigating intermittent failures, or preparing evidence bundles for Canva developer support. Trigger with phrases like "canva hard bug", "canva mystery error", "canva impossible to debug", "difficult canva issue", "canva deep debug".
canva-architecture-variants
Choose and implement Canva Connect API architecture blueprints for different scales. Use when designing new Canva integrations, choosing between monolith/service/microservice architectures, or planning migration paths. Trigger with phrases like "canva architecture", "canva blueprint", "how to structure canva", "canva project layout", "canva microservice".
canva-data-handling
Implement Canva Connect API data handling, PII protection, and GDPR/CCPA compliance. Use when handling user design data, implementing data retention policies, or ensuring privacy compliance for Canva integrations. Trigger with phrases like "canva data", "canva PII", "canva GDPR", "canva data retention", "canva privacy", "canva CCPA".
canva-debug-bundle
Collect Canva Connect API debug evidence for troubleshooting and support. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic information for Canva API problems. Trigger with phrases like "canva debug", "canva support bundle", "collect canva logs", "canva diagnostic".
canva-install-auth
Set up Canva Connect API OAuth 2.0 PKCE authentication and project scaffolding. Use when creating a new Canva integration, setting up OAuth credentials, or initializing a Canva Connect API project. Trigger with phrases like "install canva", "setup canva", "canva auth", "configure canva API", "canva OAuth".
canva-reference-architecture
Implement Canva Connect API reference architecture with best-practice project layout. Use when designing new Canva integrations, reviewing project structure, or establishing architecture standards for Canva applications. Trigger with phrases like "canva architecture", "canva project structure", "how to organize canva", "canva layout", "canva reference".
canva-reliability-patterns
Implement reliability patterns for Canva Connect API — circuit breakers, idempotency, graceful degradation. Use when building fault-tolerant Canva integrations, implementing retry strategies, or adding resilience to production Canva services. Trigger with phrases like "canva reliability", "canva circuit breaker", "canva resilience", "canva fallback", "canva fault tolerance".
canva-sdk-patterns
Apply production-ready Canva Connect API client patterns for TypeScript and Python. Use when building a reusable API client, implementing token refresh, or establishing team coding standards for Canva integrations. Trigger with phrases like "canva client patterns", "canva best practices", "canva code patterns", "canva API wrapper", "canva TypeScript client".
canva-security-basics
Apply Canva Connect API security best practices for OAuth tokens and access control. Use when securing OAuth credentials, implementing least-privilege scopes, or auditing Canva integration security. Trigger with phrases like "canva security", "canva secrets", "secure canva", "canva token security", "canva OAuth security".
configure
Configure Slack channel tokens (bot token + app-level token)
clickup-enterprise-rbac
Implement ClickUp Enterprise SSO, OAuth 2.0 multi-workspace access, role-based permissions, and organization management via API v2. Trigger: "clickup SSO", "clickup RBAC", "clickup enterprise", "clickup roles", "clickup permissions", "clickup OAuth app", "clickup multi-workspace".
clickup-install-auth
Set up ClickUp API v2 authentication with personal tokens or OAuth 2.0. Use when configuring a new ClickUp integration, setting up API access, or initializing OAuth flows for multi-user apps. Trigger: "install clickup", "setup clickup auth", "clickup API token", "clickup OAuth", "configure clickup credentials".
clickup-security-basics
Secure ClickUp API tokens, implement least-privilege access, and audit usage. Use when securing API keys, rotating tokens, configuring per-environment credentials, or auditing ClickUp API access patterns. Trigger: "clickup security", "clickup secrets", "secure clickup token", "clickup API key rotation", "clickup access audit".
figma-enterprise-rbac
Configure Figma Enterprise features: OAuth 2.0, team management, and access control. Use when implementing OAuth flows, managing team/project access via API, or building Enterprise-level Figma integrations. Trigger with phrases like "figma enterprise", "figma OAuth", "figma team management", "figma access control", "figma SCIM".
figma-install-auth
Set up Figma REST API authentication with personal access tokens or OAuth 2.0. Use when connecting to the Figma API, generating tokens, configuring scopes, or setting up OAuth flows for Figma integrations. Trigger with phrases like "install figma", "setup figma API", "figma auth", "figma personal access token", "figma OAuth".
finta-prod-checklist
Fundraise launch checklist using Finta CRM. Trigger with phrases like "finta checklist", "finta launch", "finta go-live".
fondo-install-auth
Set up Fondo account and configure integrations with Gusto, QuickBooks, and bank accounts for automated startup bookkeeping and R&D tax credits. Trigger: "setup fondo", "fondo account", "fondo integrations", "connect fondo".
fondo-prod-checklist
Execute Fondo production readiness checklist for year-end tax filing, R&D credit claims, and board-ready financial reporting. Trigger: "fondo production", "fondo tax filing ready", "fondo year-end checklist".
fondo-security-basics
Apply security best practices for Fondo including OAuth token management, financial data protection, SOC 2 compliance, and access control. Trigger: "fondo security", "fondo data protection", "fondo SOC 2", "fondo access control".
generating-api-sdks
Generate client SDKs in multiple languages from OpenAPI specifications. Use when generating client libraries for API consumption. Trigger with phrases like "generate SDK", "create client library", or "build API SDK".
grammarly-debug-bundle
Collect Grammarly debug evidence for support tickets and troubleshooting. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic information for Grammarly problems. Trigger with phrases like "grammarly debug", "grammarly support bundle", "collect grammarly logs", "grammarly diagnostic".
grammarly-incident-runbook
Follow Grammarly incident response runbook for API outages. Use when Grammarly API is down, experiencing errors, or when investigating service degradation. Trigger with phrases like "grammarly down", "grammarly outage", "grammarly incident", "grammarly not responding".
grammarly-install-auth
Install and configure Grammarly SDK/CLI authentication. Use when setting up a new Grammarly integration, configuring API keys, or initializing Grammarly in your project. Trigger with phrases like "install grammarly", "setup grammarly", "grammarly auth", "configure grammarly API key".
guidewire-install-auth
Install Guidewire Studio, configure Cloud API OAuth2 authentication, and register applications with Guidewire Hub. Trigger: "install guidewire", "guidewire auth", "guidewire OAuth2", "guidewire Cloud API setup".
guidewire-security-basics
Implement Guidewire security: OAuth2 JWT, API roles, Gosu secure coding, and data protection. Trigger: "guidewire security basics", "security-basics".
hex-install-auth
Install and configure Hex SDK/CLI authentication. Use when setting up a new Hex integration, configuring API keys, or initializing Hex in your project. Trigger with phrases like "install hex", "setup hex", "hex auth", "configure hex API key".
hootsuite-common-errors
Diagnose and fix Hootsuite common errors and exceptions. Use when encountering Hootsuite errors, debugging failed requests, or troubleshooting integration issues. Trigger with phrases like "hootsuite error", "fix hootsuite", "hootsuite not working", "debug hootsuite".
hootsuite-debug-bundle
Collect Hootsuite debug evidence for support tickets and troubleshooting. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic information for Hootsuite problems. Trigger with phrases like "hootsuite debug", "hootsuite support bundle", "collect hootsuite logs", "hootsuite diagnostic".
hootsuite-install-auth
Install and configure Hootsuite SDK/CLI authentication. Use when setting up a new Hootsuite integration, configuring API keys, or initializing Hootsuite in your project. Trigger with phrases like "install hootsuite", "setup hootsuite", "hootsuite auth", "configure hootsuite API key".
hootsuite-local-dev-loop
Configure Hootsuite local development with hot reload and testing. Use when setting up a development environment, configuring test workflows, or establishing a fast iteration cycle with Hootsuite. Trigger with phrases like "hootsuite dev setup", "hootsuite local development", "hootsuite dev environment", "develop with hootsuite".
hubspot-common-errors
Diagnose and fix common HubSpot API errors with real error responses. Use when encountering HubSpot errors, debugging failed API requests, or troubleshooting integration issues with specific HTTP status codes. Trigger with phrases like "hubspot error", "fix hubspot", "hubspot 401", "hubspot 429", "hubspot not working", "debug hubspot API".
hubspot-install-auth
Install and configure HubSpot API client with authentication. Use when setting up a new HubSpot integration, configuring private app tokens, OAuth 2.0 flows, or initializing the @hubspot/api-client SDK. Trigger with phrases like "install hubspot", "setup hubspot auth", "hubspot access token", "configure hubspot API", "hubspot private app".
intercom-enterprise-rbac
Configure Intercom enterprise OAuth, admin roles, and app-level access control. Use when implementing OAuth integration, managing admin permissions, or setting up organization-level controls for Intercom. Trigger with phrases like "intercom OAuth", "intercom RBAC", "intercom enterprise", "intercom roles", "intercom permissions", "intercom admin access".
klaviyo-enterprise-rbac
Configure Klaviyo enterprise access control with API key scopes and OAuth. Use when implementing per-key scoping, configuring OAuth app authorization, or setting up organization-level access controls for Klaviyo. Trigger with phrases like "klaviyo scopes", "klaviyo RBAC", "klaviyo enterprise", "klaviyo permissions", "klaviyo OAuth", "klaviyo access control".
lindy-data-handling
Data handling best practices for Lindy AI agents. Use when managing sensitive data in agent workflows, implementing data privacy controls, or ensuring compliance. Trigger with phrases like "lindy data", "lindy privacy", "lindy PII", "lindy data handling", "lindy GDPR", "lindy HIPAA".
linear-core-workflow-a
Issue lifecycle management with Linear: create, update, transition, relate, comment, and organize issues through the SDK and GraphQL API. Trigger: "linear issue workflow", "linear issue lifecycle", "create linear issues", "update linear issue", "linear state transition", "linear sub-issues", "linear comments".
linear-core-workflow-b
Project, cycle, and roadmap management workflows with Linear. Use when implementing sprint planning, managing projects and milestones, or organizing work into cycles. Trigger: "linear project", "linear cycle", "linear sprint", "linear roadmap", "linear planning", "linear milestone".
linear-enterprise-rbac
Implement enterprise role-based access control with Linear. Use when setting up team permissions, OAuth scopes, SAML SSO, SCIM provisioning, or audit logging. Trigger: "linear RBAC", "linear permissions", "linear SSO", "linear enterprise access", "linear role management", "linear SCIM".
linear-install-auth
Install and configure Linear SDK/CLI authentication. Use when setting up a new Linear integration, configuring API keys, OAuth2 flows, or initializing LinearClient in your project. Trigger: "install linear", "setup linear", "linear auth", "configure linear API key", "linear SDK setup", "linear OAuth".
linear-security-basics
Secure API key management, OAuth best practices, and webhook verification for Linear integrations. Trigger: "linear security", "linear API key security", "linear OAuth", "secure linear", "linear webhook verification", "linear secrets management", "linear token refresh".
linktree-debug-bundle
Debug Bundle for Linktree. Trigger: "linktree debug bundle".
linktree-rate-limits
Rate Limits for Linktree. Trigger: "linktree rate limits".
lokalise-install-auth
Install and configure Lokalise SDK/CLI authentication. Use when setting up a new Lokalise integration, configuring API tokens, or initializing Lokalise in your project. Trigger with phrases like "install lokalise", "setup lokalise", "lokalise auth", "configure lokalise API token".
lucidchart-ci-integration
Ci Integration for Lucidchart. Trigger: "lucidchart ci integration".
lucidchart-common-errors
Diagnose and fix Lucidchart common errors. Trigger: "lucidchart error", "fix lucidchart", "debug lucidchart".
lucidchart-core-workflow-a
Execute Lucidchart primary workflow: Document & Shape Creation. Trigger: "lucidchart document & shape creation", "primary lucidchart workflow".
lucidchart-debug-bundle
Debug Bundle for Lucidchart. Trigger: "lucidchart debug bundle".
lucidchart-deploy-integration
Deploy Integration for Lucidchart. Trigger: "lucidchart deploy integration".
lucidchart-performance-tuning
Optimize Lucidchart API integration performance with caching, batch shape operations, and pagination strategies. Use when diagram exports are slow, shape updates hit rate limits, or document list queries time out. Trigger with "lucidchart performance tuning".
lucidchart-prod-checklist
Prod Checklist for Lucidchart. Trigger: "lucidchart prod checklist".
lucidchart-rate-limits
Rate Limits for Lucidchart. Trigger: "lucidchart rate limits".
lucidchart-reference-architecture
Reference Architecture for Lucidchart. Trigger: "lucidchart reference architecture".
lucidchart-sdk-patterns
Sdk Patterns for Lucidchart. Trigger: "lucidchart sdk patterns".
lucidchart-security-basics
Security Basics for Lucidchart. Trigger: "lucidchart security basics".
lucidchart-webhooks-events
Webhooks Events for Lucidchart. Trigger: "lucidchart webhooks events".
miro-data-handling
Implement Miro REST API v2 data handling with PII detection in board content, data export via API, retention policies, and GDPR/CCPA compliance patterns. Trigger with phrases like "miro data", "miro PII", "miro GDPR", "miro data export", "miro privacy", "miro compliance".
miro-deploy-integration
Deploy Miro REST API v2 integrations to Vercel, Fly.io, and Cloud Run with proper OAuth token management and webhook configuration. Trigger with phrases like "deploy miro", "miro Vercel", "miro production deploy", "miro Cloud Run", "miro Fly.io".
miro-install-auth
Install and configure Miro REST API v2 authentication with OAuth 2.0. Use when setting up a new Miro app, configuring OAuth tokens, or initializing the @mirohq/miro-api Node.js client. Trigger with phrases like "install miro", "setup miro", "miro auth", "miro OAuth", "configure miro API".
miro-reference-architecture
Implement a production-ready reference architecture for Miro REST API v2 integrations with layered design, caching, and event processing. Trigger with phrases like "miro architecture", "miro project structure", "how to organize miro integration", "miro design patterns".
miro-sdk-patterns
Apply production-ready patterns for @mirohq/miro-api client usage. Use when implementing Miro integrations, refactoring SDK usage, or establishing coding standards for Miro REST API v2. Trigger with phrases like "miro SDK patterns", "miro best practices", "miro code patterns", "miro client wrapper", "miro typescript".
miro-security-basics
Apply Miro REST API v2 security best practices — OAuth scope minimization, token storage, webhook signature validation, and secret rotation. Trigger with phrases like "miro security", "miro secrets", "secure miro", "miro token security", "miro webhook signature".
navan-ci-integration
Use when setting up CI/CD pipelines that validate Navan API integrations, run booking data health checks, or generate automated compliance reports. Trigger with "navan ci integration" or "navan pipeline" or "navan github actions".
navan-common-errors
Diagnose and fix common Navan API errors with targeted fix procedures. Use when an API call returns an unexpected HTTP error or when debugging production failures. Trigger with "navan error", "fix navan", "debug navan", "navan 401", "navan 403", "navan 429".
navan-core-workflow-a
Manage the complete Navan travel booking lifecycle via REST API. Use when building travel dashboards, automating trip reporting, or syncing booking data to internal systems. Trigger with "navan travel workflow", "navan booking management", "navan trip retrieval".
navan-core-workflow-b
Manage Navan expense reporting, transaction data, and ERP synchronization. Use when building expense pipelines, automating approval workflows, or syncing transactions to accounting systems. Trigger with "navan expense management", "navan expense workflow", "navan transaction sync".
navan-cost-tuning
Use when optimizing travel spend with Navan's policy engine, analyzing booking patterns for savings, and configuring the Navan Rewards program. Trigger with "navan cost tuning" or "navan travel savings" or "navan spend optimization".
navan-data-handling
Extract and transform Navan booking and transaction data using pagination, filtering, and data pipeline connectors. Use when building data warehouses, analytics dashboards, or debugging data quality issues with Navan data. Trigger with "navan data handling", "navan data extraction", "navan pagination".
navan-data-sync
Implement incremental sync strategies for Navan BOOKING and TRANSACTION data with ETL pipeline patterns. Use when setting up production data pipelines, debugging sync drift, or adding real-time event processing. Trigger with "navan data sync", "navan incremental sync", "navan ETL pipeline".
navan-debug-bundle
Use when collecting diagnostic data from a Navan API integration — OAuth token inspection, API response capture, connectivity testing, and request/response logging. Trigger with "navan debug bundle" or "debug navan api".
navan-deploy-integration
Use when deploying Navan integrations with ERP systems (NetSuite, Sage Intacct, Xero), HRIS platforms (Workday, BambooHR), or identity providers (Okta, Azure AD). Trigger with "navan deploy integration" or "navan erp setup" or "navan sso deployment".
navan-enterprise-rbac
Configure Navan admin roles, travel policies, approval workflows, and department-level access controls. Use when setting up enterprise RBAC, policy enforcement, or approval chains in Navan. Trigger with "navan rbac", "navan roles", "navan travel policy", "navan approval workflow".
navan-hello-world
Make your first Navan API call to retrieve trip and user data. Use when verifying a new Navan integration works end-to-end after auth setup. Trigger with "navan hello world", "navan example", "test navan api", "first navan call".
navan-incident-runbook
Use when responding to Navan platform incidents — flight cancellations, booking API failures, expense sync outages, or OAuth authentication errors. Trigger with "navan incident runbook" or "navan outage response".
navan-install-auth
Set up OAuth 2.0 authentication for the Navan REST API. Use when configuring a new Navan integration or rotating API credentials. Trigger with "install navan", "setup navan auth", "navan credentials", "navan oauth".
navan-local-dev-loop
Set up a local development environment for Navan API integrations with token caching and request logging. Use when starting a new Navan project or debugging API issues locally. Trigger with "navan local dev", "navan dev setup", "navan local dev loop", "navan dev environment".
navan-migration-deep-dive
Use when planning or executing a migration from SAP Concur or legacy TMC to Navan — data migration, user provisioning, policy recreation, and cutover planning. Trigger with "navan migration deep dive" or "migrate to navan from concur".
navan-multi-env-setup
Set up dev/staging/prod environment separation for Navan integrations without a sandbox API. Use when configuring multiple environments, building CI test pipelines, or setting up local development. Trigger with "navan environments", "navan multi env", "navan dev setup", "navan mock server".
navan-observability
Use when setting up monitoring, logging, and alerting for Navan API integrations in production environments. Trigger with "navan observability" or "navan monitoring" or "navan api dashboards".
navan-performance-tuning
Use when optimizing Navan API call patterns for high-volume integrations — caching, batching, connection pooling, and pagination strategies. Trigger with "navan performance tuning" or "navan api optimization" or "navan caching".
navan-rate-limits
Implement adaptive rate-limiting for the Navan REST API with exponential backoff and request queuing. Use when building bulk data operations or encountering 429 errors from Navan. Trigger with "navan rate limits", "navan throttling", "navan 429".
navan-reference-architecture
Use when designing a production Navan API integration architecture — API gateway, token management, data sync pipelines, ERP connectors, and monitoring stack. Trigger with "navan reference architecture" or "navan integration architecture".
navan-sdk-patterns
Build a typed API wrapper around Navan REST endpoints since no official SDK exists. Use when you need production-grade API access with auto token refresh, retry logic, and typed responses. Trigger with "navan sdk patterns", "navan api wrapper", "navan client class", "navan typed client".
navan-security-basics
Secure Navan API credentials with OAuth 2.0 best practices, SSO/SAML, and SCIM provisioning. Use when hardening a Navan integration, rotating credentials, or configuring identity provider SSO. Trigger with "navan security", "navan sso", "navan credentials", "navan scim".
navan-webhooks-events
Set up webhook listeners for real-time Navan event notifications. Use when you need to receive booking, expense, or travel disruption events from Navan. Trigger with "navan webhooks", "navan events", "navan webhook setup".
notion-enterprise-rbac
Configure Notion enterprise access control with OAuth, workspace permissions, and audit logging. Use when implementing OAuth public integrations, managing multi-workspace access, or building permission-aware Notion applications. Trigger with phrases like "notion SSO", "notion RBAC", "notion enterprise", "notion OAuth", "notion permissions", "notion multi-workspace".
notion-prod-checklist
Execute Notion API production deployment checklist and readiness verification. Use when deploying Notion integrations to production, preparing for launch, verifying go-live readiness, or auditing an existing Notion integration. Trigger: "notion production checklist", "deploy notion integration", "notion go-live", "notion launch readiness", "notion prod audit".
notion-security-basics
Apply Notion API security best practices for integration tokens, OAuth2 flows, least-privilege capabilities, and page-level access control. Use when securing integration tokens, configuring OAuth2 for public integrations, rotating credentials, or auditing which pages an integration can access. Trigger with phrases like "notion security", "notion secrets", "secure notion", "notion API key security", "notion token rotation", "notion OAuth2", "notion permissions audit".
onenote-security-basics
Implement secure authentication, token management, and permission scoping for OneNote Graph API. Use when hardening OneNote integrations, implementing least-privilege permissions, or managing token lifecycle. Trigger with "onenote security", "onenote permissions", "onenote token management", "onenote least privilege".
palantir-common-errors
Diagnose and fix Palantir Foundry common errors and API exceptions. Use when encountering Foundry errors, debugging failed API calls, or troubleshooting transform build failures. Trigger with phrases like "palantir error", "fix palantir", "foundry not working", "debug foundry", "palantir 401 403".
palantir-deploy-integration
Deploy Palantir Foundry integrations to cloud platforms with secrets management. Use when deploying Foundry-powered applications to production, configuring platform-specific secrets, or setting up deployment pipelines. Trigger with phrases like "deploy palantir", "foundry deploy", "palantir production deploy", "foundry Cloud Run".
palantir-hello-world
Create a minimal working Palantir Foundry example querying Ontology objects. Use when starting a new Foundry integration, testing your setup, or learning basic Foundry API and Ontology patterns. Trigger with phrases like "palantir hello world", "palantir example", "palantir quick start", "foundry first query".
palantir-install-auth
Install and configure Palantir Foundry SDK authentication with OAuth2 or token auth. Use when setting up a new Foundry integration, configuring API credentials, or initializing the foundry-platform-sdk in your project. Trigger with phrases like "install palantir", "setup palantir", "palantir auth", "configure palantir API key", "foundry SDK setup".
palantir-prod-checklist
Execute Palantir Foundry production deployment checklist and rollback procedures. Use when deploying Foundry integrations to production, preparing for launch, or implementing go-live procedures. Trigger with phrases like "palantir production", "deploy foundry", "palantir go-live", "foundry launch checklist".
palantir-security-basics
Apply Palantir Foundry security best practices for credentials, scopes, and access control. Use when securing API tokens, implementing least privilege access, or auditing Foundry security configuration. Trigger with phrases like "palantir security", "foundry secrets", "secure palantir", "palantir API key security", "foundry scopes".
podium-core-workflow-a
Podium core workflow a — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium core workflow a", "podium-core-workflow-a".
podium-install-auth
Podium install auth — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium install auth", "podium-install-auth".
podium-webhooks-events
Podium webhooks events — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium webhooks events", "podium-webhooks-events".
procore-install-auth
Procore install auth — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore install auth", "procore-install-auth".
ramp-install-auth
Ramp install auth — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp install auth", "ramp-install-auth", "corporate card API".
salesforce-install-auth
Install and configure Salesforce SDK/CLI authentication with jsforce or Salesforce CLI. Use when setting up a new Salesforce integration, configuring OAuth flows, or initializing Salesforce connectivity in your project. Trigger with phrases like "install salesforce", "setup salesforce", "salesforce auth", "configure salesforce", "jsforce setup", "sf cli login".
salesloft-ci-integration
Set up CI/CD pipelines for SalesLoft integrations with GitHub Actions. Use when automating SalesLoft integration tests, validating OAuth tokens, or running cadence sync validation in CI. Trigger: "salesloft CI", "salesloft GitHub Actions", "salesloft automated tests".
salesloft-common-errors
Diagnose and fix SalesLoft API errors: 401, 403, 422, 429, and 5xx. Use when encountering SalesLoft errors, debugging failed requests, or troubleshooting OAuth token issues. Trigger: "salesloft error", "fix salesloft", "salesloft not working", "salesloft 429".
salesloft-debug-bundle
Collect SalesLoft debug evidence for support tickets and troubleshooting. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic info for SalesLoft API problems. Trigger: "salesloft debug", "salesloft diagnostic", "salesloft support bundle".
salesloft-deploy-integration
Deploy SalesLoft integrations to Vercel, Fly.io, and Cloud Run. Use when deploying SalesLoft-powered apps to production, configuring platform secrets, or setting up webhook endpoints. Trigger: "deploy salesloft", "salesloft Vercel", "salesloft Cloud Run".
salesloft-hello-world
Create a minimal working SalesLoft example — list people and create a person. Use when starting a new SalesLoft integration, testing your setup, or learning the People and Cadences API patterns. Trigger: "salesloft hello world", "salesloft example", "salesloft quick start".
salesloft-install-auth
Set up SalesLoft API authentication with OAuth 2.0 or API key. Use when configuring a new SalesLoft integration, setting up OAuth flows, or initializing API access to the SalesLoft REST API v2. Trigger: "install salesloft", "setup salesloft", "salesloft auth", "salesloft API key".
salesloft-security-basics
Secure SalesLoft OAuth tokens, API keys, and webhook signatures. Use when implementing token rotation, securing webhook endpoints, or auditing SalesLoft API access controls. Trigger: "salesloft security", "salesloft secrets", "secure salesloft", "salesloft token rotation".
salesloft-upgrade-migration
Migrate between SalesLoft API versions and handle breaking changes. Use when SalesLoft announces API deprecations, upgrading OAuth flows, or transitioning from legacy endpoints. Trigger: "upgrade salesloft", "salesloft migration", "salesloft API version".
twinmind-prod-checklist
Complete production deployment checklist for TwinMind integrations. Use when preparing to deploy, auditing production readiness, or ensuring best practices are followed. Trigger with phrases like "twinmind production", "deploy twinmind", "twinmind go-live checklist", "twinmind production ready".
webflow-enterprise-rbac
Configure Webflow enterprise access control — OAuth 2.0 app authorization, scope-based RBAC, per-site token isolation, workspace member management, and audit logging for compliance. Trigger with phrases like "webflow RBAC", "webflow enterprise", "webflow roles", "webflow permissions", "webflow OAuth scopes", "webflow access control", "webflow workspace members".
webflow-install-auth
Install the Webflow JS SDK (webflow-api) and configure OAuth 2.0 or API token authentication. Use when setting up a new Webflow integration, configuring access tokens, or initializing the WebflowClient in your project. Trigger with phrases like "install webflow", "setup webflow", "webflow auth", "configure webflow API token", "webflow OAuth".
webflow-security-basics
Apply Webflow API security best practices — token management, scope least privilege, OAuth 2.0 secret rotation, webhook signature verification, and audit logging. Use when securing API tokens, implementing least privilege access, or auditing Webflow security configuration. Trigger with phrases like "webflow security", "webflow secrets", "secure webflow", "webflow API key security", "webflow token rotation".
workhuman-install-auth
Workhuman install auth for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman install auth".
api-security-best-practices
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
api-security-testing
API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
aws-secrets-rotation
Automate AWS secrets rotation for RDS, API keys, and credentials
dotnet-backend
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs.
reddit-ads
Reddit Ads API - campaigns, targeting, conversions, agentic optimization
reddit-api
Reddit API with PRAW (Python) and Snoowrap (Node.js)
new-rails-project
Create a new Rails project
blog-google
Google API integration for blog performance: PageSpeed Insights, CrUX Core Web Vitals with 25-week history, Search Console performance, URL Inspection, Indexing API, GA4 organic traffic, NLP entity analysis for E-E-A-T, YouTube video search for embedding, and Google Ads Keyword Planner. Progressive feature availability based on credential tier (API key, OAuth/service account, GA4, Ads). Shares config with claude-seo at ~/.config/claude-seo/google-api.json. Use when user says "google data", "page speed", "core web vitals", "search console", "indexation", "GA4", "keyword research", "nlp entities", "blog performance", "youtube search", "google api setup".
seo-google
Google SEO APIs: Search Console (Search Analytics, URL Inspection, Sitemaps), PageSpeed Insights v5, CrUX field data with 25-week history, Indexing API v3, and GA4 organic traffic. Provides real Google field data for Core Web Vitals, indexation status, search performance, and organic traffic trends. Use when user says "search console", "GSC", "PageSpeed", "CrUX", "field data", "indexing API", "GA4 organic", "URL inspection", "google api setup", "real CWV data", "impressions", "clicks", "CTR", "position data", "LCP", "INP", "CLS", "FCP", "TTFB", or "Lighthouse scores".
benchling-integration
Benchling R&D platform integration. Access registry (DNA, proteins), inventory, ELN entries, workflows via API, build Benchling Apps, query Data Warehouse, for lab data management automation.
fathom-common-errors
Diagnose and fix Fathom API errors including auth failures and missing data. Use when API calls fail, transcripts are empty, or webhooks are not firing. Trigger with phrases like "fathom error", "fathom not working", "fathom api failure", "fix fathom".
fondo-common-errors
Diagnose and fix common Fondo issues including integration sync failures, categorization errors, and R&D credit qualification problems. Trigger: "fondo error", "fondo sync issue", "fondo not syncing", "fondo problem".
guidewire-common-errors
Diagnose and fix common Guidewire Cloud API errors including Gosu exceptions, validation failures, and integration issues. Trigger: "guidewire common errors", "common-errors".
guidewire-debug-bundle
Collect Guidewire diagnostic info including Cloud API responses, Gosu stack traces, and server logs. Trigger: "guidewire debug bundle", "debug-bundle".
guidewire-incident-runbook
Respond to Guidewire production incidents: triage, mitigation, and recovery. Trigger: "guidewire incident runbook", "incident-runbook".
hootsuite-reference-architecture
Implement Hootsuite reference architecture with best-practice project layout. Use when designing new Hootsuite integrations, reviewing project structure, or establishing architecture standards for Hootsuite applications. Trigger with phrases like "hootsuite architecture", "hootsuite best practices", "hootsuite project structure", "how to organize hootsuite", "hootsuite layout".
hootsuite-security-basics
Apply Hootsuite security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Hootsuite security configuration. Trigger with phrases like "hootsuite security", "hootsuite secrets", "secure hootsuite", "hootsuite API key security".
lucidchart-install-auth
Install and configure Lucidchart SDK/API authentication. Use when setting up a new Lucidchart integration. Trigger: "install lucidchart", "setup lucidchart", "lucidchart auth".
oauth2-flow-helper
Configure with oauth2 flow helper operations. Auto-activating skill for Security Fundamentals. Triggers on: oauth2 flow helper, oauth2 flow helper Part of the Security Fundamentals skill category. Use when working with oauth2 flow helper functionality. Trigger with phrases like "oauth2 flow helper", "oauth2 helper", "oauth2".
podium-ci-integration
Podium ci integration — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium ci integration", "podium-ci-integration".
podium-common-errors
Podium common errors — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium common errors", "podium-common-errors".
podium-cost-tuning
Podium cost tuning — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium cost tuning", "podium-cost-tuning".
podium-debug-bundle
Podium debug bundle — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium debug bundle", "podium-debug-bundle".
podium-deploy-integration
Podium deploy integration — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium deploy integration", "podium-deploy-integration".
podium-local-dev-loop
Podium local dev loop — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium local dev loop", "podium-local-dev-loop".
podium-performance-tuning
Podium performance tuning — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium performance tuning", "podium-performance-tuning".
podium-prod-checklist
Podium prod checklist — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium prod checklist", "podium-prod-checklist".
podium-rate-limits
Podium rate limits — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium rate limits", "podium-rate-limits".
podium-reference-architecture
Podium reference architecture — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium reference architecture", "podium-reference-architecture".
podium-sdk-patterns
Podium sdk patterns — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium sdk patterns", "podium-sdk-patterns".
podium-security-basics
Podium security basics — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium security basics", "podium-security-basics".
podium-upgrade-migration
Podium upgrade migration — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium upgrade migration", "podium-upgrade-migration".
procore-ci-integration
Procore ci integration — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore ci integration", "procore-ci-integration".
procore-common-errors
Procore common errors — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore common errors", "procore-common-errors".
procore-cost-tuning
Procore cost tuning — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore cost tuning", "procore-cost-tuning".
procore-data-handling
Procore data handling — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore data handling", "procore-data-handling".
procore-debug-bundle
Procore debug bundle — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore debug bundle", "procore-debug-bundle".
procore-deploy-integration
Procore deploy integration — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore deploy integration", "procore-deploy-integration".
procore-enterprise-rbac
Procore enterprise rbac — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore enterprise rbac", "procore-enterprise-rbac".
procore-incident-runbook
Procore incident runbook — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore incident runbook", "procore-incident-runbook".
procore-local-dev-loop
Procore local dev loop — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore local dev loop", "procore-local-dev-loop".
procore-migration-deep-dive
Procore migration deep dive — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore migration deep dive", "procore-migration-deep-dive".
procore-multi-env-setup
Procore multi env setup — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore multi env setup", "procore-multi-env-setup".
procore-observability
Procore observability — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore observability", "procore-observability".
procore-performance-tuning
Procore performance tuning — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore performance tuning", "procore-performance-tuning".
procore-prod-checklist
Procore prod checklist — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore prod checklist", "procore-prod-checklist".
procore-rate-limits
Procore rate limits — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore rate limits", "procore-rate-limits".
procore-reference-architecture
Procore reference architecture — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore reference architecture", "procore-reference-architecture".
procore-sdk-patterns
Procore sdk patterns — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore sdk patterns", "procore-sdk-patterns".
procore-security-basics
Procore security basics — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore security basics", "procore-security-basics".
procore-upgrade-migration
Procore upgrade migration — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore upgrade migration", "procore-upgrade-migration".
procore-webhooks-events
Procore webhooks events — construction management platform integration. Use when working with Procore API for project management, RFIs, or submittals. Trigger with phrases like "procore webhooks events", "procore-webhooks-events".
ramp-ci-integration
Ramp ci integration — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp ci integration", "ramp-ci-integration", "corporate card API".
ramp-common-errors
Ramp common errors — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp common errors", "ramp-common-errors", "corporate card API".
ramp-cost-tuning
Ramp cost tuning — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp cost tuning", "ramp-cost-tuning", "corporate card API".
ramp-data-handling
Ramp data handling — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp data handling", "ramp-data-handling", "corporate card API".
ramp-debug-bundle
Ramp debug bundle — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp debug bundle", "ramp-debug-bundle", "corporate card API".
ramp-deploy-integration
Ramp deploy integration — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp deploy integration", "ramp-deploy-integration", "corporate card API".
ramp-enterprise-rbac
Ramp enterprise rbac — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp enterprise rbac", "ramp-enterprise-rbac", "corporate card API".
ramp-incident-runbook
Ramp incident runbook — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp incident runbook", "ramp-incident-runbook", "corporate card API".
ramp-local-dev-loop
Ramp local dev loop — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp local dev loop", "ramp-local-dev-loop", "corporate card API".
ramp-migration-deep-dive
Ramp migration deep dive — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp migration deep dive", "ramp-migration-deep-dive", "corporate card API".
ramp-multi-env-setup
Ramp multi env setup — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp multi env setup", "ramp-multi-env-setup", "corporate card API".
ramp-observability
Ramp observability — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp observability", "ramp-observability", "corporate card API".
ramp-performance-tuning
Ramp performance tuning — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp performance tuning", "ramp-performance-tuning", "corporate card API".
ramp-prod-checklist
Ramp prod checklist — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp prod checklist", "ramp-prod-checklist", "corporate card API".
ramp-rate-limits
Ramp rate limits — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp rate limits", "ramp-rate-limits", "corporate card API".
ramp-reference-architecture
Ramp reference architecture — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp reference architecture", "ramp-reference-architecture", "corporate card API".
ramp-sdk-patterns
Ramp sdk patterns — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp sdk patterns", "ramp-sdk-patterns", "corporate card API".
ramp-security-basics
Ramp security basics — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp security basics", "ramp-security-basics", "corporate card API".
ramp-upgrade-migration
Ramp upgrade migration — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp upgrade migration", "ramp-upgrade-migration", "corporate card API".
ramp-webhooks-events
Ramp webhooks events — corporate card and expense management API integration. Use when working with Ramp for card management, expenses, or accounting sync. Trigger with phrases like "ramp webhooks events", "ramp-webhooks-events", "corporate card API".
veeva-ci-integration
Veeva Vault ci integration for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva ci integration".
veeva-common-errors
Veeva Vault common errors for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva common errors".
veeva-core-workflow-a
Veeva Vault core workflow a for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva core workflow a".
veeva-core-workflow-b
Veeva Vault core workflow b for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva core workflow b".
veeva-cost-tuning
Veeva Vault cost tuning for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva cost tuning".
veeva-debug-bundle
Veeva Vault debug bundle for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva debug bundle".
veeva-deploy-integration
Veeva Vault deploy integration for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva deploy integration".
veeva-install-auth
Veeva Vault install auth with REST API and VQL. Use when integrating with Veeva Vault for life sciences document management. Trigger: "veeva install auth".
veeva-local-dev-loop
Veeva Vault local dev loop for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva local dev loop".
veeva-performance-tuning
Veeva Vault performance tuning for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva performance tuning".
veeva-prod-checklist
Veeva Vault prod checklist for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva prod checklist".
veeva-rate-limits
Veeva Vault rate limits for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva rate limits".
veeva-reference-architecture
Veeva Vault reference architecture for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva reference architecture".
veeva-sdk-patterns
Veeva Vault sdk patterns for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva sdk patterns".
veeva-security-basics
Veeva Vault security basics for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva security basics".
veeva-upgrade-migration
Veeva Vault upgrade migration for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva upgrade migration".
veeva-webhooks-events
Veeva Vault webhooks events for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva webhooks events".
windsurf-enterprise-sso
Configure enterprise SSO integration for Windsurf. Activate when users mention "sso configuration", "single sign-on", "enterprise authentication", "saml setup", or "identity provider". Handles enterprise identity integration. Use when working with windsurf enterprise sso functionality. Trigger with phrases like "windsurf enterprise sso", "windsurf sso", "windsurf".
workhuman-ci-integration
Workhuman ci integration for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman ci integration".
workhuman-common-errors
Workhuman common errors for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman common errors".
workhuman-core-workflow-a
Workhuman core workflow a for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman core workflow a".
workhuman-core-workflow-b
Workhuman core workflow b for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman core workflow b".
workhuman-cost-tuning
Workhuman cost tuning for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman cost tuning".
workhuman-debug-bundle
Workhuman debug bundle for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman debug bundle".
workhuman-deploy-integration
Workhuman deploy integration for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman deploy integration".
workhuman-local-dev-loop
Workhuman local dev loop for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman local dev loop".
workhuman-performance-tuning
Workhuman performance tuning for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman performance tuning".
workhuman-prod-checklist
Workhuman prod checklist for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman prod checklist".
workhuman-rate-limits
Workhuman rate limits for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman rate limits".
workhuman-reference-architecture
Workhuman reference architecture for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman reference architecture".
workhuman-sdk-patterns
Workhuman sdk patterns for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman sdk patterns".
workhuman-security-basics
Workhuman security basics for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman security basics".
workhuman-upgrade-migration
Workhuman upgrade migration for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman upgrade migration".
workhuman-webhooks-events
Workhuman webhooks events for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman webhooks events".
configuring-oauth2-authorization-flow
Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token
detecting-email-account-compromise
Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.
detecting-oauth-token-theft
Detects and responds to OAuth token theft and replay attacks in cloud environments, focusing on Microsoft Entra ID (Azure AD) token protection, conditional access policies, and sign-in anomaly detection. Covers access token theft, refresh token replay, Primary Refresh Token (PRT) abuse, and pass-the-cookie attacks. Activates for requests involving OAuth token theft detection, token replay prevention, Azure AD conditional access token protection, or cloud identity attack investigation.
exploiting-oauth-misconfiguration
Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.
implementing-api-gateway-security-controls
Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request validation, IP allowlisting, TLS termination, and threat protection. The engineer configures API gateways (Kong, AWS API Gateway, Azure APIM, Apigee) to act as a centralized security enforcement point that validates, throttles, and monitors all API traffic before it reaches backend services. Activates for requests involving API gateway security, API management security, gateway authentication, or centralized API protection.
implementing-api-schema-validation-security
Implement API schema validation using OpenAPI specifications and JSON Schema to enforce input/output contracts and prevent injection, data exposure, and mass assignment attacks.
implementing-api-threat-protection-with-apigee
Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.
implementing-scim-provisioning-with-okta
Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.
performing-oauth-scope-minimization-review
Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations, excessive API scopes, unused token grants, and risky OAuth consent patterns across identity providers and SaaS platforms. Activates for requests involving OAuth scope audit, API permission review, third-party app risk assessment, or consent grant minimization.
testing-api-authentication-weaknesses
Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication on endpoints, weak password policies, credential stuffing susceptibility, token leakage in URLs or logs, and session management flaws. The tester evaluates JWT implementation, API key handling, OAuth flows, and session token entropy to identify authentication bypasses. Maps to OWASP API2:2023 Broken Authentication. Activates for requests involving API authentication testing, token validation assessment, credential security testing, or API auth bypass.
testing-for-json-web-token-vulnerabilities
Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid parameter injection, and weak secret exploitation to achieve authentication bypass and privilege escalation.
testing-jwt-token-security
Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security engagements.
testing-mobile-api-authentication
Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication, insecure token management, session fixation, privilege escalation, and IDOR vulnerabilities. Use when performing API security assessments against mobile app backends, testing JWT implementations, evaluating OAuth flows, or assessing session management. Activates for requests involving mobile API auth testing, token security assessment, OAuth mobile flow testing, or API authorization bypass.
testing-oauth2-implementation-flaws
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.
auth-implementation-patterns
Build secure, scalable authentication and authorization systems using industry-standard patterns and modern best practices.
protocolsio-integration
Integration with protocols.io API for managing scientific protocols. This skill should be used when working with protocols.io to search, create, update, or publish protocols; manage protocol steps and materials; handle discussions and comments; organize workspaces; upload and manage files; or integrate protocols.io functionality into workflows. Applicable for protocol discovery, collaborative protocol development, experiment tracking, lab protocol management, and scientific documentation.
authentication-migrator
Migrate authentication systems with credential migration, OAuth2/OIDC setup, and identity provider integration
figma-api
Direct Figma API interactions for design asset management. Fetch files and components, extract design tokens, export images, manage comments, and access version history.
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
interactive-api-console
Build interactive API try-it-out consoles for documentation
x-api
X/Twitter API integration for posting tweets, threads, reading timelines, search, and analytics. Covers OAuth auth patterns, rate limits, and platform-native content posting. Use when the user wants to interact with X programmatically.
dd-debugger
Live Debugger - inspect runtime argument/variable values in production by placing log probes on methods. Use when asked what values a function receives, what parameters look like at runtime, or to capture live data from running services without redeploying.
tycana
Persistent task management and productivity intelligence via MCP. Captures tasks from conversation, plans your day, tracks patterns, and gives personalized recommendations that improve over time.
fastapi-endpoint
Plan and build production-ready FastAPI endpoints with async SQLAlchemy, Pydantic v2 models, dependency injection for auth, and pytest tests. Uses interview-driven planning to clarify data models, authentication method, pagination strategy, and caching before writing any code.
gws-admin-reports
Google Workspace Admin SDK: Audit logs and usage reports.
gws-classroom
Google Classroom: Manage classes, rosters, and coursework.
gws-drive
Google Drive: Manage files, folders, and shared drives.
gws-gmail-reply
Gmail: Reply to a message (handles threading automatically).
gws-gmail-reply-all
Gmail: Reply-all to a message (handles threading automatically).
gws-shared
gws CLI: Shared patterns for authentication, global flags, and output formatting.
gws-install
Quick install of the Google Workspace CLI (gws) on an additional machine using existing OAuth credentials. Requires client_secret.json from a previous gws-setup. Use whenever the user wants to install gws on a new computer, reinstall after a fresh OS, configure a second workstation, or says 'install gws', 'gws on new machine', 'set up gws again'.
entra-app-registration
Guides Microsoft Entra ID app registration, OAuth 2.0 authentication, and MSAL integration. USE FOR: create app registration, register Azure AD app, configure OAuth, set up authentication, add API permissions, generate service principal, MSAL example, console app auth, Entra ID setup, Azure AD authentication. DO NOT USE FOR: Azure RBAC or role assignments (use azure-rbac), Key Vault secrets (use azure-keyvault-expiration-audit), general Azure resource security guidance.
comprehensive-review-pr-enhance
Generate structured PR descriptions from diffs, add review checklists, risk assessments, and test coverage summaries. Use when the user says "write a PR description", "improve this PR", "summarize my changes", "PR review", "pull request", or asks to document a diff for reviewers.
wellally-tech
Integrate multiple digital health data sources, connect to [WellAlly.tech](https://www.wellally.tech/) knowledge base, providing data import and knowledge reference for personal health management systems.
autonomous-loops
自主Claude代码循环的模式与架构——从简单的顺序管道到基于RFC的多智能体有向无环图系统。
gws-calendar
Google Calendar: Manage calendars and events.
gws-chat
Google Chat: Manage Chat spaces and messages.
gws-events
Subscribe to Google Workspace events.
gws-gmail-forward
Gmail: Forward a message to new recipients.
gws-gmail-send
Gmail: Send an email.
gws-people
Google People: Manage contacts and profiles.
gws-sheets
Google Sheets: Read and write spreadsheets.
gws-tasks
Google Tasks: Manage task lists and tasks.
entra-app-registration
Guides Microsoft Entra ID app registration, OAuth 2.0 authentication, and MSAL integration. USE FOR: create app registration, register Azure AD app, configure OAuth, set up authentication, add API permissions, generate service principal, MSAL example, console app auth, Entra ID setup, Azure AD authentication. DO NOT USE FOR: Azure RBAC or role assignments (use azure-rbac), Key Vault secrets (use azure-keyvault-expiration-audit), general Azure resource security guidance.
detecting-suspicious-oauth-application-consent
Detect risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.
atlassian-mcp
Integrates with Atlassian products to manage project tracking and documentation via MCP protocol. Use when querying Jira issues with JQL filters, creating and updating tickets with custom fields, searching or editing Confluence pages with CQL, managing sprints and backlogs, setting up MCP server authentication, syncing documentation, or debugging Atlassian API integrations.
java-architect
Use when building, configuring, or debugging enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke to implement WebFlux endpoints, optimize JPA queries and database performance, configure Spring Security with OAuth2/JWT, or resolve authentication issues and async processing challenges in cloud-native Spring applications.
spring-boot-engineer
Generates Spring Boot 3.x configurations, creates REST controllers, implements Spring Security 6 authentication flows, sets up Spring Data JPA repositories, and configures reactive WebFlux endpoints. Use when building Spring Boot 3.x applications, microservices, or reactive Java applications; invoke for Spring Data JPA, Spring Security 6, WebFlux, Spring Cloud integration, Java REST API design, or Microservices Java architecture.
api-testing
Comprehensive API testing for REST and GraphQL endpoints with contract validation
oauth
OAuth 2.0/OIDC flows, provider integration, and token handling.
oauth-flow-implementer
Implement OAuth 2.0 and OpenID Connect flows for SDKs
salesforce-connector
Bi-directional Salesforce CRM integration for sales data management
soap-to-rest-converter
Convert SOAP web services to REST APIs with WSDL parsing and resource modeling
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubspot, hubspot api, hubspot crm, hubspot integration, contacts api.
protocolsio-integration
Integration with protocols.io API for managing scientific protocols. This skill should be used when working with protocols.io to search, create, update, or publish protocols; manage protocol steps and materials; handle discussions and comments; organize workspaces; upload and manage files; or integrate protocols.io functionality into workflows. Applicable for protocol discovery, collaborative protocol development, experiment tracking, lab protocol management, and scientific documentation.
speckit-specify
Create or update feature specifications from natural language descriptions. Use when starting new features or refining requirements. Generates spec.md with user stories, functional requirements, and acceptance criteria following spec-driven development methodology.
gws-calendar-agenda
Google Calendar: Show upcoming events across all calendars.
gws-drive-upload
Google Drive: Upload a file with automatic metadata.
gws-events-renew
Google Workspace Events: Renew/reactivate Workspace Events subscriptions.
gws-events-subscribe
Google Workspace Events: Subscribe to Workspace events and stream them as NDJSON.
gws-gmail-read
Gmail: Read a message and extract its body or headers.
gws-gmail-triage
Gmail: Show unread inbox summary (sender, subject, date).
gws-gmail-watch
Gmail: Watch for new emails and stream them as NDJSON.
gws-modelarmor
Google Model Armor: Filter user-generated content for safety.
gws-modelarmor-create-template
Google Model Armor: Create a new Model Armor template.
gws-modelarmor-sanitize-prompt
Google Model Armor: Sanitize a user prompt through a Model Armor template.
gws-modelarmor-sanitize-response
Google Model Armor: Sanitize a model response through a Model Armor template.
gws-script-push
Google Apps Script: Upload local files to an Apps Script project.
gws-workflow
Google Workflow: Cross-service productivity workflows.
gws-workflow-email-to-task
Google Workflow: Convert a Gmail message into a Google Tasks entry.
gws-workflow-file-announce
Google Workflow: Announce a Drive file in a Chat space.
gws-workflow-meeting-prep
Google Workflow: Prepare for your next meeting: agenda, attendees, and linked docs.
gws-workflow-standup-report
Google Workflow: Today's meetings + open tasks as a standup summary.
gws-workflow-weekly-digest
Google Workflow: Weekly summary: this week's meetings + unread email count.
persona-content-creator
Create, organize, and distribute content across Workspace.
persona-customer-support
Manage customer support — track tickets, respond, escalate issues.
persona-event-coordinator
Plan and manage events — scheduling, invitations, and logistics.
persona-exec-assistant
Manage an executive's schedule, inbox, and communications.
persona-hr-coordinator
Handle HR workflows — onboarding, announcements, and employee comms.
persona-it-admin
Administer IT — monitor security and configure Workspace.
persona-project-manager
Coordinate projects — track tasks, schedule meetings, and share docs.
persona-researcher
Organize research — manage references, notes, and collaboration.
persona-sales-ops
Manage sales workflows — track deals, schedule calls, client comms.
persona-team-lead
Lead a team — run standups, coordinate tasks, and communicate.
recipe-backup-sheet-as-csv
Export a Google Sheets spreadsheet as a CSV file for local backup or processing.
recipe-batch-invite-to-event
Add a list of attendees to an existing Google Calendar event and send notifications.
recipe-block-focus-time
Create recurring focus time blocks on Google Calendar to protect deep work hours.
recipe-bulk-download-folder
List and download all files from a Google Drive folder.
recipe-copy-sheet-for-new-month
Duplicate a Google Sheets template tab for a new month of tracking.
recipe-create-classroom-course
Create a Google Classroom course and invite students.
recipe-create-doc-from-template
Copy a Google Docs template, fill in content, and share with collaborators.
recipe-create-events-from-sheet
Read event data from a Google Sheets spreadsheet and create Google Calendar entries for each row.
recipe-create-expense-tracker
Set up a Google Sheets spreadsheet for tracking expenses with headers and initial entries.
recipe-create-feedback-form
Create a Google Form for feedback and share it via Gmail.
recipe-create-gmail-filter
Create a Gmail filter to automatically label, star, or categorize incoming messages.
recipe-create-presentation
Create a new Google Slides presentation and add initial slides.
recipe-create-shared-drive
Create a Google Shared Drive and add members with appropriate roles.
recipe-create-vacation-responder
Enable a Gmail out-of-office auto-reply with a custom message and date range.
recipe-email-drive-link
Share a Google Drive file and email the link with a message to recipients.
recipe-find-free-time
Query Google Calendar free/busy status for multiple users to find a meeting slot.
recipe-forward-labeled-emails
Find Gmail messages with a specific label and forward them to another address.
recipe-generate-report-from-sheet
Read data from a Google Sheet and create a formatted Google Docs report.
recipe-label-and-archive-emails
Apply Gmail labels to matching messages and archive them to keep your inbox clean.
recipe-log-deal-update
Append a deal status update to a Google Sheets sales tracking spreadsheet.
recipe-organize-drive-folder
Create a Google Drive folder structure and move files into the right locations.
recipe-plan-weekly-schedule
Review your Google Calendar week, identify gaps, and add events to fill them.
recipe-post-mortem-setup
Create a Google Docs post-mortem, schedule a Google Calendar review, and notify via Chat.
recipe-reschedule-meeting
Move a Google Calendar event to a new time and automatically notify all attendees.
recipe-review-meet-participants
Review who attended a Google Meet conference and for how long.
recipe-save-email-attachments
Find Gmail messages with attachments and save them to a Google Drive folder.
recipe-save-email-to-doc
Save a Gmail message body into a Google Doc for archival or reference.
recipe-schedule-recurring-event
Create a recurring Google Calendar event with attendees.
recipe-share-doc-and-notify
Share a Google Docs document with edit access and email collaborators the link.
recipe-share-event-materials
Share Google Drive files with all attendees of a Google Calendar event.
recipe-share-folder-with-team
Share a Google Drive folder and all its contents with a list of collaborators.
recipe-sync-contacts-to-sheet
Export Google Contacts directory to a Google Sheets spreadsheet.
recipe-watch-drive-changes
Subscribe to change notifications on a Google Drive file or folder.
cognito
AWS Cognito user authentication and authorization service. Use when setting up user pools, configuring identity pools, implementing OAuth flows, managing user attributes, or integrating with social identity providers.
secrets-manager
AWS Secrets Manager for secure secret storage and rotation. Use when storing credentials, configuring automatic rotation, managing secret versions, retrieving secrets in applications, or integrating with RDS.
ln-113-backend-docs-creator
Creates backend docs (api_spec.md, database_schema.md). Use when project has backend API or database.
ln-775-api-docs-generator
Configures Swagger/OpenAPI documentation for backend APIs. Use when adding interactive API docs to a project.
research-agent
Research agent for external documentation, best practices, and library APIs via MCP tools
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via gws CLI (googleworkspace/cli). Uses OAuth2 with automatic token refresh via bridge script. Requires gws binary.
x-api
X/Twitter API integration for posting tweets, threads, reading timelines, search, and analytics. Covers OAuth auth patterns, rate limits, and platform-native content posting. Use when the user wants to interact with X programmatically.
api-integration-specialist
Expert in integrating third-party APIs with proper authentication, error handling, rate limiting, and retry logic. Use when integrating REST APIs, GraphQL endpoints, webhooks, or external services. Specializes in OAuth flows, API key management, request/response transformation, and building robust API clients.
api-security-best-practices
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
benchling-integration
Benchling R&D platform integration. Access registry (DNA, proteins), inventory, ELN entries, workflows via API, build Benchling Apps, query Data Warehouse, for lab data management automation.
protocolsio-integration
Integration with protocols.io API for managing scientific protocols. This skill should be used when working with protocols.io to search, create, update, or publish protocols; manage protocol steps and materials; handle discussions and comments; organize workspaces; upload and manage files; or integrate protocols.io functionality into workflows. Applicable for protocol discovery, collaborative protocol development, experiment tracking, lab protocol management, and scientific documentation.
omniroute-cli-cloud
Control OmniRoute cloud agents (OpenAI Codex, Devin, Jules) from the CLI — create tasks, track status, approve plans, send messages, and manage sources. Use when the user wants to automate cloud coding agent workflows via the terminal.
mcp-create-declarative-agent
Skill converted from mcp-create-declarative-agent.prompt.md
304-frameworks-spring-boot-security
Use when you need to design, review, or improve security in Spring Boot applications — including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. This should trigger for requests such as Add Spring Boot security support; Review Spring Boot security configuration; Improve API authorization in Spring Boot; Add JWT resource server security in Spring Boot; Harden Spring Boot security headers and CSRF settings. Part of cursor-rules-java project
entra-agent-id
Microsoft Entra Agent ID (preview) for creating OAuth2-capable AI agent identities via Microsoft Graph beta API. Covers Agent Identity Blueprints, BlueprintPrincipals, Agent Identities, required permissions, sponsors, and Workload Identity Federation. Includes Microsoft Entra SDK for AgentID (containerized sidecar) for polyglot agent authentication (Docker/Kubernetes), 3P agent integration, autonomous and interactive agent patterns. Triggers: "agent identity", "agent id", "Agent Identity Blueprint", "BlueprintPrincipal", "entra agent", "agent identity provisioning", "Graph agent identity", "entra sidecar", "agent id sidecar", "auth sidecar", "3P agent", "third-party agent identity", "polyglot agent auth".
api-docs-writer
Write clear, developer-facing API documentation. Use when asked to document an API endpoint, write API reference docs, create a developer guide, or turn a raw spec/Postman collection into documentation. Produces endpoint documentation with descriptions, parameters, request/response examples, and error codes.
add-gcal-tool
Add Google Calendar as an MCP tool (list calendars, list/search/create events, free/busy queries) using OneCLI-managed OAuth. Multi-calendar and multi-account supported. Mirrors /add-gmail-tool's stub pattern — no raw credentials ever reach the container; OneCLI injects real tokens at request time.
use-native-credential-proxy
Opt out of the OneCLI gateway and supply Anthropic credentials from .env instead. For users who want simple .env-based credential management without the OneCLI agent vault. Reads the API key or OAuth token from .env and injects it into the container's API requests.
use-native-credential-proxy
Replace OneCLI gateway with the built-in credential proxy. For users who want simple .env-based credential management without installing OneCLI. Reads API key or OAuth token from .env and injects into container API requests.
agent-code-goal-planner
Agent skill for code-goal-planner - invoke with $agent-code-goal-planner
agent-specification
Agent skill for specification - invoke with $agent-specification
auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
api-design
Use this skill when designing APIs, choosing between REST/GraphQL/gRPC, writing OpenAPI specs, implementing pagination, versioning endpoints, or structuring request/response schemas. Triggers on API design, endpoint naming, HTTP methods, status codes, rate limiting, authentication schemes, HATEOAS, query parameters, and any task requiring API architecture decisions.
api-gateway-configurator
Configure API gateways for SDK traffic management
gws-calendar-insert
Google Calendar: Create a new event.
gws-chat-send
Google Chat: Send a message to a space.
gws-docs
Read and write Google Docs.
gws-docs-write
Google Docs: Append text to a document.
gws-forms
Read and write Google Forms.
gws-gmail
Gmail: Send, read, and manage email.
gws-keep
Manage Google Keep notes.
gws-meet
Manage Google Meet conferences.
gws-script
Manage Google Apps Script projects.
gws-sheets-append
Google Sheets: Append a row to a spreadsheet.
gws-sheets-read
Google Sheets: Read values from a spreadsheet.
gws-slides
Google Slides: Read and write presentations.
recipe-compare-sheet-tabs
Read data from two tabs in a Google Sheet to compare and identify differences.
recipe-create-meet-space
Create a Google Meet meeting space and share the join link.
recipe-create-task-list
Set up a new Google Tasks list with initial tasks.
recipe-draft-email-from-doc
Read content from a Google Doc and use it as the body of a Gmail message.
recipe-find-large-files
Identify large Google Drive files consuming storage quota.
recipe-review-overdue-tasks
Find Google Tasks that are past due and need attention.
recipe-send-team-announcement
Send a team announcement via both Gmail and a Google Chat space.
auth-architect
Implement authentication and authorization with OWASP Top 10 standards, OAuth 2.0 + OIDC, WebAuthn/Passkeys, session management, and RBAC/ABAC. Use when user asks to implement login, signup, authentication, authorization, JWT, OAuth, SSO, passkeys, MFA, or role-based access. Do NOT use for API key management (use api-forge), encryption at rest, or network-level security (firewalls, WAF).
spring-boot-openapi-documentation
Provides patterns to generate comprehensive REST API documentation using SpringDoc OpenAPI 3.0 and Swagger UI in Spring Boot 3.x applications. Use when setting up API documentation, configuring Swagger UI, adding OpenAPI annotations, implementing security documentation, or enhancing REST endpoints with examples and schemas.
spring-boot-security-jwt
Provides JWT authentication and authorization patterns for Spring Boot 3.5.x covering token generation with JJWT, Bearer/cookie authentication, database/OAuth2 integration, and RBAC/permission-based access control using Spring Security 6.x. Use when implementing authentication or authorization in Spring Boot applications.
typescript-security-review
Provides security review capability for TypeScript/Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use when performing security audits, before deployment, reviewing authentication/authorization implementations, or ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
bernstein-plan
Create and manage multi-step execution plans in Bernstein. Plans decompose complex goals into stages with dependencies. Use when the user wants to plan a complex feature, break down a large task, or review an execution plan before agents start working.
defending-applications
Application security defense knowledge for builders, not pentesters. Covers Web/API/GraphQL hardening (XSS/SQLi/SSRF/IDOR/BOLA/Mass Assignment/deserialization/upload/path traversal), authentication/authorization (OAuth 2.0/OIDC/JWT/Session/Cookie/SAML/SSO), and LLM application security (prompt injection, jailbreak, RAG poisoning, agent privilege escalation, output filtering). Use when designing or reviewing application-layer defenses, fixing CVE-class bugs in your own code, hardening auth flows, or threat-modeling LLM-powered features. Do NOT use for offensive testing (see securing-systems/pentest), incident response (see securing-systems/blue-team), or infra-layer hardening (see provisioning-infrastructure).
headless-claude-code
Reference guide for running Claude Code in headless, container, and CI environments — covers auth strategies, interactive mode pitfalls, tmux orchestration, root user workarounds, and git auth without SSH agents or keychains
saas-auth-patterns
SaaS authentication and authorization patterns including JWT vs session strategies, multi-tenant isolation, RBAC, API key management, passwordless flows, MFA, and secure session handling.
recipe-collect-form-responses
Retrieve and review responses from a Google Form.
google-calendar-tool
Google Calendar integration tool for listing and creating events via OAuth2 Calendar API access. Use when: checking upcoming events, creating appointments, or updating your schedule.
git-commit
Git commit message generator that creates conventional commit messages based on code changes.
detecting-email-account-compromise
Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in locations, mail forwarding rules, and unusual API access patterns via Microsoft Graph and audit logs.
secure-auth
Secure authentication implementation patterns. Use when implementing user login, registration, password reset, session management, JWT authentication, OAuth, MFA, or passkeys. Provides production-ready patterns aligned with NIST SP 800-63B-4, OWASP 2026 cheat sheets, OAuth 2.1, and WebAuthn L3, with breach-driven lessons.
api-authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
oauth-implementation
OAuth 2.0 and OpenID Connect authentication with secure flows. Use for third-party integrations, SSO systems, token-based API access, or encountering authorization code flow, PKCE, token refresh, scope management errors.
light-tool-selection
工具选择与多工具协同。根据任务自动判断适合用什么工具——搜索、Python、R、MATLAB、LaTeX、Word、Excel、PowerPoint、Visio、Origin、数据库、Git、前端/后端框架、绘图工具、文献管理工具等(常驻,所有任务后台生效)。不盲目用工具,而是按实际任务选最高效、最稳定、最专业的实现方式。
ros2-web-integration
Patterns and best practices for integrating ROS2 systems with web technologies including REST APIs, WebSocket bridges, and browser-based robot interfaces. Use this skill when building web dashboards for robots, streaming camera feeds to browsers, exposing ROS2 services as REST endpoints, or implementing bidirectional WebSocket communication between web UIs and ROS2 nodes. Trigger whenever the user mentions rosbridge, rosbridge_suite, roslibjs, FastAPI with ROS2, Flask with rclpy, WebSocket for robot telemetry, MJPEG streaming, WebRTC for robots, REST API wrapping ROS2 services, web-based robot control, browser robot interface, robot dashboard, CORS configuration for robots, or any web-to-ROS2 bridge pattern. Also trigger for authentication on robot web interfaces, rate limiting sensor streams, video streaming from robot cameras to browsers, or running async web frameworks alongside the ROS2 executor. Covers rosbridge_suite, FastAPI, Flask, WebSocket, and WebRTC approaches.
seo-google
Google SEO APIs: Search Console (Search Analytics, URL Inspection, Sitemaps), PageSpeed Insights v5, CrUX field data with 25-week history, Indexing API v3, and GA4 organic traffic. Provides real Google field data for Core Web Vitals, indexation status, search performance, and organic traffic trends. Use when user says "search console", "GSC", "PageSpeed", "CrUX", "field data", "indexing API", "GA4 organic", "URL inspection", "google api setup", "real CWV data", "impressions", "clicks", "CTR", "position data", "LCP", "INP", "CLS", "FCP", "TTFB", or "Lighthouse scores".
auth-security
OAuth 2.1 + JWT authentication security best practices. Use when implementing auth, API authorization, token management. Follows RFC 9700 (2025).
find-cpa-firm
Use whenever the user wants to find, shortlist, vet, or enrich US accounting and tax firms (CPA firms) — financial-statement audit, SOC 1/2 audit, corporate tax, bookkeeping for businesses, advisory/fractional CFO, M&A diligence, 409A valuations, R&D tax credits, IPO readiness, sales-and-use tax. Triggers on "find me a CPA firm for our delaware c-corp series A audit", "shortlist three audit firms with SaaS experience", "we need a tax advisor for our M&A", or "pull contact info for these 10 accounting firm domains", even when described indirectly (audit our books, fractional CFO support, file our 1120). Drives the ServiceGraph API (api.servicegraph.co) — a 100k+ US firm catalog filterable by industry, services, location, size, ratings. Skip personal/consumer tax preparation (1040, individual estate, retirement planning), in-house controller/CFO hires, "how do I file my taxes" DIY questions, accounting-software comparisons (QuickBooks vs Xero), non-US firms, individual freelance bookkeepers.
find-management-consultant
Use whenever the user wants to find, shortlist, vet, or enrich US management consultancies — strategy, operations, executive coaching, leadership development, org-development/change management, PMO/program management, sales/revenue operations consulting. Triggers on "find me three top strategy consultancies in California", "shortlist boutique ops-consulting firms with healthcare experience", "we need an executive coach for our new CEO", or "pull contact info for these 10 consulting firm domains", even when described indirectly (post-merger integration help, change-management partner, fractional COO). Drives the ServiceGraph API (api.servicegraph.co) — a 100k+ US firm catalog filterable by industry, services, location, size, ratings. Skip in-house strategy hires, "help me build a strategy" do-the-work asks, framework comparisons (Lean vs Agile, BCG matrix, etc.), academic/MBA-program questions, life/career coaching for individuals, non-US firms, individual freelancers.
find-mcp-directories
Use whenever the user wants to find, rank, or shortlist directories and registries where they can submit or list an MCP server (Model Context Protocol server) — to get backlinks, referral traffic, and discovery by agent builders. Triggers on "where do I list my MCP server", "best MCP directories", "MCP registries to submit to", "get my MCP server discovered", or "pull submission details for these MCP-directory domains", even when described indirectly (we built an MCP server, where do we publish it). Drives the ServiceGraph API (api.servicegraph.co) — a catalog of 1,000+ product directories enriched with Domain Rating, backlinks, and organic traffic. Defer to find-ai-directories for general AI-tool / AI-agent / agent-skill listings, and to find-product-directories for general SaaS/software launches. Skip building an MCP server or asking how MCP works (DIY), finding a firm to build one (use find-ai-consultancy / find-software-developer), and MCP link-building *services*.
find-seo-agency
Use whenever the user wants to find, shortlist, vet, or enrich US SEO agencies — technical SEO, on-page/off-page, link-building, content-led SEO, local SEO, ecommerce SEO, B2B SEO, and SEO audits. Triggers on "find me an SEO agency in Texas", "shortlist three technical SEO consultancies for SaaS", "link-building and on-page for our ecommerce store", or "pull contact info for these 8 SEO firm domains", even when described indirectly (organic traffic flat, improve Google rankings, search visibility). Drives the ServiceGraph API (api.servicegraph.co) — a 100k+ US firm catalog filterable by industry, services, location, size, ratings, third-party listings. Defer to find-marketing-agency when scope spans multiple marketing services beyond SEO. Skip SEM/PPC/paid-search asks, web-dev asks (use find-web-developer), "how do I rank" DIY questions, SEO tool recommendations (Ahrefs, Semrush), in-house SEO hires, non-US firms, individual freelancers.
find-service-providers
Use whenever the user wants to find, shortlist, vet, enrich, or research US professional-services firms — law, marketing, consulting, accounting, IT services, architecture, engineering, HR, PR, design, and similar B2B service providers. Triggers on requests like "find me a PPC agency in California", "shortlist three boutique IP law firms", "build a longlist of 50 mid-size IT consultancies", or "here are 12 agency domains — pull contact info and confirm which are US-based", even when the need is described indirectly without naming a category. Drives the ServiceGraph API (api.servicegraph.co) — a 100k+ US firm catalog with filters for industry, services, location, size, ratings, and third-party listings. Skip when the user is asking for personal/consumer services for themselves (an individual's own legal, tax, or medical needs), non-US firms, individual freelancers, retail/ecommerce/SaaS-product companies, recruiting-an-employee tasks, or general web research that doesn't need a structured firm directory.
ops-home
Smart home command center via Homey Pro. Devices, flows, scenes, energy, climate, presence, alarms. Works via Homey local API (preferred) + Athom cloud API fallback. Configure once via /ops:setup.
ops-integrate
Add any SaaS API as a first-class integration. Provide the service name — ops-integrate discovers auth patterns, tests connectivity, and registers the API in your partner registry so it's available to other skills.
ops-rotate-setup
Interactive OAuth init wizard for the multi-account Claude rotator. Walks through every account in the rotation config and, for any account missing a valid keychain token, delegates to the proven `rotate.mjs` magic-link flow (browser-driver cascade + Gmail polling), which writes the verified OAuth token to `Claude-Rotation-<key>` (key = account label or email, keychain account `$USER`). Re-runnable any time. Standalone alias of the same step inside `/ops:setup`.
api-security-testing
API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
aws-secrets-rotation
Automate AWS secrets rotation for RDS, API keys, and credentials
dotnet-backend
Build ASP.NET Core 8+ backend services with EF Core, auth, background jobs, and production API patterns.
frontend-api-client-with-jwt
A conceptual skill for building an API client in Next.js that handles JWT tokens
security-engineering
Security architecture and implementation patterns. Use when designing security controls, implementing authentication/authorization, conducting threat modeling, or ensuring compliance with security frameworks.
hunt-csrf
Hunting skill for csrf vulnerabilities. Built from 15 public bug bounty reports including modern variants — SameSite=Lax sibling-subdomain bypass (Argo CD CVE-2024-22424), GraphQL mutations-via-GET (GitLab $3,370), framework-wide CSRF middleware disabled (Stripe Dashboard $5,000), path-traversal CSRF-token bypass (GitHub Enterprise CVE-2022-23732 $10k), Origin-omission bypass (TikTok $2,500), OAuth-state null-byte (Streamlabs), WebSocket CSRF / CSWSH (Coda), default-SameSite email-change → ATO (YoYo Games $400), social-account-link CSRF (HackerOne), JSON-CSRF via text/plain on email-change (TikTok $500). Use when hunting modern CSRF — heavy emphasis on chain-to-ATO patterns.
hunt-misc
Hunting skill for misc vulnerabilities. Built from 225 public bug bounty reports. Use when hunting misc on any target.
hunt-open-redirect
Hunt Open Redirect — all types including low-impact, chained to OAuth token theft → ATO, phishing chains. URL parameter manipulation, JavaScript redirect, meta refresh, header injection. Use when hunting redirect bugs or building ATO chains.
git-workflow
Git 工作流专家。规范化版本控制,确保提交历史清晰可追溯。支持 Conventional Commits 规范、Pull Request 最佳实践、分支管理策略和自动化工作流。
research-agent
Research agent for external documentation, best practices, and library APIs via MCP tools
component-patterns
Architecture patterns, code generation guides, and reference documentation for building Prismatic custom components.
blog-google
Google API integration for blog performance: PageSpeed Insights, CrUX Core Web Vitals with 25-week history, Search Console performance, URL Inspection, Indexing API, GA4 organic traffic, NLP entity analysis for E-E-A-T, YouTube video search for embedding, and Google Ads Keyword Planner. Progressive feature availability based on credential tier (API key, OAuth/service account, GA4, Ads). Shares config with claude-seo at ~/.config/claude-seo/google-api.json. Use when user says "google data", "page speed", "core web vitals", "search console", "indexation", "GA4", "keyword research", "nlp entities", "blog performance", "youtube search", "google api setup".
corezoid
Universal Corezoid assistant. Use when the user asks anything about Corezoid processes, wants to work with process JSON files, mentions process nodes, MCP tools, process validation, or any Corezoid-specific task. Also use when the user mentions "Corezoid", "BPM process", "conv.json", "push process", "run task", or asks for general platform knowledge. This skill provides deep knowledge of the platform model and guides you to use the Corezoid MCP tools correctly.
corezoid-init
Corezoid environment setup specialist. Use when the user wants to connect to Corezoid, set up credentials, authenticate, pull a project, configure the environment, or start working with a Corezoid project for the first time. Activate when the user says "init", "setup", "connect to corezoid", "login", "pull workspace", "configure environment", or "get started".
configure
Configure Slack channel tokens (bot token + app-level token)
wjs-looping-feedback
Use when the user wants to add an in-site feedback loop to a website repo — a floating "提个建议" button where allowlisted visitors submit suggestions that become a GitHub Issue, which GitHub Actions turns into an automatic code change via Claude Code, auto-merges and deploys, and records on a /_feedback dashboard with one-click revert. Triggers — "给网站加个反馈对话框", "提一句话就自动改网站", "装上反馈闭环", "feedback loop", "/wjs-looping-feedback".
atlassian
Manage Jira issues and Confluence wiki pages in Atlassian Cloud. Use when: (1) searching/creating/updating Jira issues with JQL, (2) searching/reading/creating Confluence pages with CQL, (3) managing Jira workflows, transitions, and comments, (4) browsing Confluence spaces and page hierarchies. Supports OAuth 2.1 via MCP server (recommended) or API token authentication (fallback).
tax-filing
End-to-end corporate and personal tax preparation: data gathering from Xero/bank statements/Gmail/Obsidian/Google Drive, P&L generation, IRS compliance analysis, tax calculation, document staging, and payment guidance. Use this skill when the user mentions tax filing, tax preparation, P&L report, Form 1120, Form 1040, corporate tax, personal tax return, Sorsher, accountant meeting, tax deadline, estimated tax payment, IRS payment, extension filing, 1099, W-2, bank statement analysis for taxes, constructive dividends, home office deduction, or any tax-year financial preparation. Also activate when the user wants to analyze business expenses, calculate tax liability, prepare audit documentation, or generate invoices for foreign contractors. This skill handles both C-Corp (Form 1120) and personal MFJ (Form 1040) returns.
laravel-auth
Use when implementing user authentication, API tokens, social login, or authorization. Covers Sanctum, Passport, Socialite, Fortify, policies, and gates for Laravel 13.
fastapi-senior-dev
Senior Python Backend Engineer skill for FastAPI. Use when scaffolding production-ready APIs, enforcing clean architecture, optimizing async patterns, or auditing FastAPI codebases.
auth-security
OAuth 2.1 + JWT authentication security best practices. Use when implementing auth, API authorization, token management. Follows RFC 9700 (2025).
nw-new
Guided wizard to start a new feature. Asks what you want to build, recommends the right starting wave, and launches it.
nw-roadmap
Creates a phased roadmap.json for a feature goal with acceptance criteria and TDD steps. Use when planning implementation steps before execution.
gateway
Designing and reviewing APIs via OpenAPI spec generation, versioning strategy, breaking change detection, and REST/GraphQL best practices. Ensures API quality and consistency. Use when API design or OpenAPI specs are needed.
authsome
Use this to access external services/CLIs/APIs: Gmail/gh/Github/Stripe etc. or when running any bash command, script, or curl/wget that makes outbound HTTP calls. Make HTTP requests directly and the gateway injects credentials automatically.
authentication-setup
Design and implement authentication and authorization systems. Use when setting up user login, JWT tokens, OAuth, session management, or role-based access control. Handles password security, token management, SSO integration.
bodhi-sdk-react-integration
Integrate React+Vite web apps with bodhi-js-sdk for local LLM integration. Use when user asks to: "integrate bodhi", "add bodhi sdk", "connect to bodhi", "setup bodhi provider", "bodhi react integration", "deploy bodhi to github pages", or troubleshoot bodhi-js-sdk connection/auth issues.
git-workflow-enforcer
Ensures commits follow conventional commits, branch naming conventions, and PR templates. Use when creating commits, branches, or PRs, or when user mentions git workflow.
rest-patterns
Quick reference for RESTful API design patterns, HTTP semantics, caching, and rate limiting. Triggers on: rest api, http methods, status codes, api design, endpoint design, api versioning, rate limiting, caching headers.
security-auditor
Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.
api-security-best-practices
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
evidence-hygiene
Evidence-capture and PoC-redaction discipline for bug-bounty submissions: cookie redaction protocol (which fields to mask, Preview annotation / Burp panel hiding / DevTools workflow), PII black-bar discipline (what to mask in other-user data — names, emails, phones, faces — vs what is safe to leave — usernames, trace IDs, request bodies), HAR file sanitization (jq filters for Cookie/Set-Cookie/Authorization headers), Burp Repeater/Intruder screenshot hygiene (hide request body, show only Results table for rate-limit attacks), Chrome DevTools Console PoC patterns (credentials include so cookies are not echoed, labeled console.log), screenshot capture order, filename conventions, post-submission rotation hygiene. Use BEFORE any PoC screenshot, BEFORE attaching a HAR, or whenever preparing evidence with session cookies or other-user PII. Pairs with bugcrowd-reporting and report-writing.
wjs-cleaning-spam
Use when the user complains about spam on his X/Twitter posts — 同城面付 / 寻固炮 / 线下上门 / 免费破处 这类引流号在他推文下刷的 emoji 垃圾回复 — and wants them removed. Covers the last 7 days (X recent-search window). Triggers — "把这些spam删掉", "清理X垃圾回复", "推文下面好多引流号", "clean spam replies", "/wjs-cleaning-spam".
implementing-api-gateway-security-controls
在API网关层实施安全控制,包括认证强制执行、速率限制、请求验证、IP白名单、TLS终止和威胁防护。 配置API网关(Kong、AWS API Gateway、Azure APIM、Apigee)作为集中式安全执行点, 在流量到达后端服务前对所有API流量进行验证、节流和监控。
go-swagger
Use when adding or maintaining OpenAPI/Swagger documentation for a Go HTTP API. Covers swaggo/swag annotation comments (@Summary, @Param, @Success, @Router, @Security), the swag CLI workflow, framework integration for Gin/Echo/Fiber/Chi/net-http, security definitions (Bearer/JWT, OAuth2, API key), and struct tags (example, enums, swaggertype, swaggerignore). Apply when a project imports github.com/swaggo/swag or any of the swaggo UI adapters, or when you need to expose /swagger/index.html.
gws
Use the gws CLI for Google Calendar, Gmail, Drive, Sheets, Docs, Tasks, and cross-service Workspace workflows.
airtable
Airtable REST API via curl. Records CRUD, filters, upserts.
api-design
Use this skill when designing APIs, choosing between REST/GraphQL/gRPC, writing OpenAPI specs, implementing pagination, versioning endpoints, or structuring request/response schemas. Triggers on API design, endpoint naming, HTTP methods, status codes, rate limiting, authentication schemes, HATEOAS, query parameters, and any task requiring API architecture decisions.
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
alternative-payments-api-patterns
Use this skill when working with the Alternative Payments API - OAuth2 client-credentials authentication, REST structure, cursor pagination, rate limiting (5 req/sec), error handling, and the read + safe-write capability posture. Covers token minting, bearer auth, idempotency, and the deliberate exclusion of direct payment creation.
github-actions-docs
Use when users ask how to write, explain, customize, migrate, secure, or troubleshoot GitHub Actions workflows, workflow syntax, triggers, matrices, runners, reusable workflows, artifacts, caching, secrets, OIDC, deployments, custom actions, or Actions Runner Controller, especially when they need official GitHub documentation, exact links, or docs-grounded YAML guidance.
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubspot, hubspot api, hubspot crm, hubspot integration, contacts api.
atlassian-mcp
Integrates with Atlassian products to manage project tracking and documentation via MCP protocol. Use when querying Jira issues with JQL filters, creating and updating tickets with custom fields, searching or editing Confluence pages with CQL, managing sprints and backlogs, setting up MCP server authentication, syncing documentation, or debugging Atlassian API integrations.
java-architect
Use when building, configuring, or debugging enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke to implement WebFlux endpoints, optimize JPA queries and database performance, configure Spring Security with OAuth2/JWT, or resolve authentication issues and async processing challenges in cloud-native Spring applications.
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
vercel-api
Vercel MCP and REST API expert guidance. Use when the agent needs live access to Vercel projects, deployments, environment variables, domains, logs, or documentation through the MCP server or REST API.
kubesphere-devops-tenant
Use when operating KubeSphere DevOps as a namespace-scoped tenant with limited permissions, without cluster-admin access, or when accessing DevOps through KubeSphere APIs only
open-agreements
Fill standard legal agreement templates (NDAs, cloud service agreements, SAFEs) and produce signable DOCX files. Supports Common Paper, Bonterms, and Y Combinator templates. Use when the user needs to draft a legal agreement, create an NDA, fill a contract template, or generate a SAFE. Can also send agreements for electronic signature via DocuSign.
document-changes
Generate a markdown report documenting codebase changes from the current session — files added, modified, deleted, and a summary of what was done. Use when asked to "document changes", "generate change report", "save changes report", "what did I change", "session report", "summarize my changes", or "write a changes report".
canva-debug-bundle
Collect Canva Connect API debug evidence for troubleshooting and support. Use when encountering persistent issues, preparing support tickets, or collecting diagnostic information for Canva API problems. Trigger with phrases like "canva debug", "canva support bundle", "collect canva logs", "canva diagnostic".
auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
cloud-identity-and-auth
Identity, authentication, authorization, and token management for cloud platforms. Covers Keystone-style scoped tokens, OAuth 2.0 flows, OpenID Connect, JWT structure and pitfalls, federation with SAML/OIDC, service-to-service auth with mTLS and SPIFFE, principle of least privilege, IAM role design, and the service catalog pattern (public/internal/admin endpoints). Use when designing authn/authz for a multi-tenant cloud service, integrating with an identity provider, or reviewing IAM policies for over-privilege.
adobe-firefly-api-batch-image-generator
Calls Adobe Firefly's text-to-image and generative fill APIs for batch asset creation. Manages Adobe IMS OAuth tokens and enforces Content Credentials (C2PA) metadata on all outputs.
api-designer
Design and document RESTful and GraphQL APIs with OpenAPI/Swagger specifications, authentication patterns, versioning strategies, and best practices. Use for: (1) Creating API specifications, (2) Designing REST endpoints, (3) GraphQL schema design, (4) API authentication and authorization, (5) API versioning strategies, (6) Documentation generation
api-integration-specialist
Expert in integrating third-party APIs with proper authentication, error handling, rate limiting, and retry logic. Use when integrating REST APIs, GraphQL endpoints, webhooks, or external services. Specializes in OAuth flows, API key management, request/response transformation, and building robust API clients.
api-security-best-practices
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
benchling-integration
Benchling R&D platform integration. Access registry (DNA, proteins), inventory, ELN entries, workflows via API, build Benchling Apps, query Data Warehouse, for lab data management automation.
caam
Coding Agent Account Manager - Sub-100ms account switching for AI coding CLIs with fixed-cost subscriptions. Vault profiles, isolated profiles for parallel sessions, smart rotation with health scoring, cooldown tracking, automatic failover, TUI dashboard. Go CLI.
commit-message
Format git commit messages combining Conventional Commits summary lines with Linux kernel-style bodies. Use when writing, reviewing, or formatting commit messages.
configuring-better-auth
Implement OAuth 2.1 / OIDC authentication using Better Auth with MCP assistance. Use when setting up a centralized auth server (SSO provider), implementing SSO clients in Next.js apps, configuring PKCE flows, or managing tokens with JWKS verification. Uses Better Auth MCP for guided setup. NOT when using simple session-only auth without OAuth/OIDC requirements.
entra-app-registration
Guides Microsoft Entra ID app registration, OAuth 2.0 authentication, and MSAL integration. USE FOR: create app registration, register Azure AD app, configure OAuth, set up authentication, add API permissions, generate service principal, MSAL example, console app auth, Entra ID setup, Azure AD authentication. DO NOT USE FOR: Azure RBAC or role assignments (use azure-rbac), Key Vault secrets (use azure-keyvault-expiration-audit), Azure resource security (use azure-security).
fastapi-mastery
Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.
git-workflow
Git workflow with worktrees and conventional commits.
github-actions-docs
Use when users ask how to write, explain, customize, migrate, secure, or troubleshoot GitHub Actions workflows, workflow syntax, triggers, matrices, runners, reusable workflows, artifacts, caching, secrets, OIDC, deployments, custom actions, or Actions Runner Controller, especially when they need official GitHub documentation, exact links, or docs-grounded YAML guidance.
github-pr-best-practices
Best practices for creating GitHub pull requests including conventional commits, PR formatting, and multi-language support (en/ja). Use when creating PRs, writing PR descriptions, or formatting commit messages.
jwt-auth
Use when implementing JWT authentication in FastAPI or Python projects. Triggers for: token generation, verification middleware, current user extraction, access token creation, token decoding, or role-based auth. NOT for: OAuth2 provider setup, OpenID Connect, or non-Python backends.
managing-git
Manages Git workflows including branching, commits, and pull requests. Use when working with Git, creating commits, opening PRs, managing branches, resolving conflicts, or when asked about version control best practices.
protocolsio-integration
Integration with protocols.io API for managing scientific protocols. This skill should be used when working with protocols.io to search, create, update, or publish protocols; manage protocol steps and materials; handle discussions and comments; organize workspaces; upload and manage files; or integrate protocols.io functionality into workflows. Applicable for protocol discovery, collaborative protocol development, experiment tracking, lab protocol management, and scientific documentation.
py-fastapi-patterns
FastAPI patterns for API design. Use when creating endpoints, handling dependencies, error handling, or working with OpenAPI schemas.
secret-scanner
Detect accidentally committed secrets, credentials, and sensitive information in code.
google-workspace
Gmail, Google Calendar, Drive, Sheets via Google APIs
blueprint-prp-create
Create a PRP (Product Requirement Prompt) with research, context, and validation gates. Use when planning a feature packet for subagent execution with TDD and confidence scoring.
sales-attio
Attio platform help — AI-native CRM with custom objects, relationship database, deal pipelines, email sequences, automations, and built-in enrichment for 80,000+ startups. Covers custom data model design (objects, attributes, relationships), pipeline configuration, workflow automations, email sequences, AI agents (Ask Attio), reporting, API integration (REST, OAuth 2.0, 100+ endpoints, webhooks, MCP server), and pricing tiers (Free/Plus/Pro/Enterprise). Use when Attio data model doesn't fit your workflow, deal pipeline stages need restructuring, automations aren't firing correctly, API or webhook integration isn't working, or not sure if Attio is the right CRM for your team. Do NOT use for general CRM data hygiene strategy (use /sales-data-hygiene), outbound sequences across platforms (use /sales-cadence), contact enrichment strategy (use /sales-enrich), or tool integration patterns (use /sales-integration).
keycloak-iam
Operate, configure, deploy, secure, and integrate with Keycloak (open-source IAM) — the modern Quarkus distribution (24.x–26.6.x), the Keycloak Operator with `Keycloak` and `KeycloakRealmImport` CRDs, and realm/client/identity-provider configuration.
sign-in-with-vercel
Sign in with Vercel guidance — OAuth 2.0/OIDC identity provider for user authentication via Vercel accounts. Use when implementing user login with Vercel as the identity provider.
doncheli-api-contract
Design complete API contracts covering endpoints, auth, rate limiting, error handling, retries, circuit breaker and idempotency. Activate when user mentions "api contract", "api design", "endpoint", "webhook", "REST", "GraphQL", "OpenAPI", "design the API".
frontend-developer
Frontend Developer (/fe, alias: Finn, /finn) - Senior Frontend Developer with 10+ years web and mobile experience. Covers React/Next.js (default), Angular, Vue/Nuxt, Flutter/Dart, and JavaFX desktop - detects the project's framework and loads the matching stack reference. Use when implementing UI components, state management, data fetching, styling, forms, or any web/cross-platform frontend feature in any of these stacks.
secops-engineer
Soren - Principal Security Engineer with 15+ years application, infrastructure, and cloud security experience. Security review is a safety-override gate, required on security-relevant changes (auth, secrets, PII, external input, etc.) and always in the regulated preset. Use when conducting security reviews, threat modeling (STRIDE/PASTA/LINDDUN), implementing authentication (OAuth 2.1/Passkeys/WebAuthn), supply chain security (SBOM/SLSA), container/K8s hardening, Zero Trust architecture, AI/LLM security, privacy engineering, security scanning pipelines, compliance (GDPR/PCI-DSS/SOC2/ISO27001), or incident response. Primary command: /secops. Alias: /soren.
add-discord
Add Discord bot channel integration to Deus.
claude-code-proxy-patterns
Claude Code OAuth proxy patterns and anti-patterns for multi-provider model routing.
api-design
Generates RESTful and GraphQL API designs with OpenAPI specs, proper resource naming, HTTP method usage, status codes, pagination, filtering, error responses, versioning strategies, and GraphQL schema patterns. Triggers on: "design API", "create API spec", "OpenAPI", "REST endpoint design", "GraphQL schema".
git-workflow
Helps with git workflows including conventional commit messages, branching strategies, merge conflict resolution, and changelog generation. Triggers on: "git commit message", "branching strategy", "resolve conflict", "generate changelog".
nyxid
Brokers credentials for downstream services (OpenAI, Anthropic, GitHub, Lark, custom APIs, SSH, MCP) so the agent never sees raw API keys or OAuth tokens. Use whenever the user asks to call, proxy, or authenticate against a third-party API/service, mentions NyxID, asks to "connect", "add a service", "set up an API key", manage credentials/nodes/MCP, send messages through bot platforms, or wire up SSH access. Operate exclusively through the `nyxid` CLI.
rotate-secrets
Rotate webhook HMACs, API keys, OAuth tokens, and update gateway configs atomically
airtable
Airtable REST API via curl. Records CRUD, filters, upserts.
google-workspace
Gmail, Calendar, Drive, Docs, Sheets via gws CLI or Python.
auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
ai-tools
Provides guidance for integrating AI tools and components into the Family Tree App, including knowledge graphs, computer vision, and natural language processing. Invoke when working on AI-related features or when needing AI integration advice.
deepread-api
Full DeepRead API reference. All endpoints, auth, request/response formats, blueprints, webhooks, error handling, and code examples for OCR, structured extraction, form filling, and PII redaction.
ha-integration-dev
Home Assistant custom integration development in Python. Covers custom_components, DataUpdateCoordinator, config_flow, OAuth2, conversation agent, HACS publishing, device registry, entity platforms, services, repair issues, diagnostics, Bluetooth integrations, and multi-coordinator patterns.
atlassian-mcp
Use when querying Jira issues, searching Confluence pages, creating tickets, updating documentation, or integrating Atlassian tools via MCP protocol.
fastapi-expert
Use when building high-performance async Python APIs with FastAPI and Pydantic V2. Invoke for async SQLAlchemy, JWT authentication, WebSockets, OpenAPI documentation.
java-architect
Use when building enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke for WebFlux, JPA optimization, Spring Security, cloud-native patterns.
managing-git
Manages Git workflows including branching, commits, and pull requests. Use when working with Git, creating commits, opening PRs, managing branches, resolving conflicts, or when asked about version control best practices.
swing-clarify
Prevents premature execution on ambiguous requests. Analyzes request clarity using 5W1H decomposition, surfaces hidden assumptions, and generates structured clarifying questions before work begins. Use at the start of any non-trivial task, or when a request could be interpreted multiple ways. Triggers on "뭘 원하는건지", "요구사항 정리", "clarify", "what exactly", "scope", "requirements", "정확히 뭘", "before we start".
swing-clarify
Prevents premature execution on ambiguous requests. Analyzes request clarity using 5W1H decomposition, surfaces hidden assumptions, and generates structured clarifying questions before work begins. Use at the start of any non-trivial task, or when a request could be interpreted multiple ways. Triggers on "뭘 원하는건지", "요구사항 정리", "clarify", "what exactly", "scope", "requirements", "정확히 뭘", "before we start".
gws-auth
Authenticate and manage credentials for the gws CLI — login, logout, status, scopes, service accounts, and credential storage.
security
Application security best practices and patterns
api-gateway
API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce, Google Workspace, Stripe, and more.
api-gateway
API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce, Google Workspace, Stripe, and more.
api-gateway
API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce, Google Workspace, Stripe, and more.
social-media-api-integration
Integrate with social media platform APIs for automated posting, scheduling, analytics retrieval, and content syndication. Covers OAuth flows, rate limiting, and multi-platform strategies. Triggers on social media API integration, automated posting, or platform API requests.
specgen-flutter-riverpod
Generate a detailed specification document for building a Flutter mobile application using Flutter 3.x (Dart 3.x), Riverpod 2.x for state management, Hive 2.x for local storage, Dio 5.x for REST API with smart retry, Firebase Messaging + flutter_local_notifications for push/event notifications, go_router 14.x for navigation, freezed 2.x + json_serializable for immutable models, and build_runner for code generation. The spec also covers cached_network_image, flutter_svg, pull_to_refresh, font_awesome_flutter, material_design_icons_flutter, intl, url_launcher, and flutter_native_splash. Authentication (Keycloak OAuth2/OIDC PKCE via flutter_appauth, local JWT, or none) and optional features (WebSocket, i18n via intl) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new Flutter mobile application. Also trigger when the u
specgen-laravel-eloquent-bladehtmx
Generate a detailed specification document for building a monolith Laravel 12 web application with server-rendered views (Blade), Tailwind CSS, Alpine.js, htmx, and nwidart/laravel-modules modular packaging. Database (MongoDB, PostgreSQL, MySQL, or none), authentication (Keycloak OAuth2 Client, Laravel Breeze form login, or none), scheduling (Laravel Task Scheduling + Queue Batching or none), messaging (RabbitMQ pub/sub or none), and internationalisation (multi-locale via Laravel's native translation system, or none) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new Laravel web application with server-side rendering. Also trigger when the user says things like "spec out a new Laravel project", "design a Laravel web skeleton", "write a technical spec for my new Laravel app", "scaffold spec for a monolith Laravel ap
specgen-react-mui
Generate a detailed specification document for building a React SPA (Single Page Application) using React 19, TypeScript 5, Vite 6, Material UI (MUI) v6, React Router v7, TanStack Query v5, Zustand v5, React Hook Form v7, and Zod v3. Authentication (Keycloak OAuth2/OIDC PKCE, generic OIDC, or none), API integration (REST via Axios), and optional features (WebSocket, i18n, MUI X Data Grid, MUI X Charts) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new React SPA or frontend application. Also trigger when the user says things like "spec out a new React project", "design a React SPA", "write a technical spec for my new frontend app", "scaffold spec for a React MUI app", or any request for a specification document describing a React + MUI + TypeScript application. Even if the user only mentions a subset of the stack (
specgen-react-tailwind
Generate a detailed specification document for building a React SPA (Single Page Application) using React 19, TypeScript 5, Vite 6, Tailwind CSS v3, Headless UI v2, Heroicons, React Router v7, TanStack Query v5, Zustand v5, React Hook Form v7, and Zod v3. Components are built utility-first with Tailwind and made accessible with Headless UI primitives (no component framework like MUI). Authentication (Keycloak OAuth2/OIDC PKCE, generic OIDC, or none), API integration (REST via Axios), and optional features (WebSocket, i18n, TanStack Table data grids, Recharts charts, react-day-picker date pickers, Tiptap rich text) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new React SPA or frontend application styled with Tailwind CSS. Also trigger when the user says things like "spec out a new React Tailwind project", "design
specgen-spring-jpa-jtehtmx
Generate a detailed specification document for building a monolith Spring Boot 3 web application with server-rendered views (JTE), Tailwind CSS, Alpine.js, htmx, and Spring Modulith packaging. Database (MongoDB, PostgreSQL, MySQL, or none), authentication (Keycloak OAuth2 Client, Spring Security form login, or none), scheduling (Quartz + Spring Batch or none), messaging (RabbitMQ pub/sub or none), and internationalisation (multi-locale via Spring's native MessageSource, or none) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new Spring Boot web application with server-side rendering. Also trigger when the user says things like "spec out a new web project", "design a Spring Boot web skeleton", "write a technical spec for my new web app", "scaffold spec for a monolith web app", or any request for a specification docu
specgen-spring-jpa-restapi
Generate a detailed specification document for building a Spring Boot 3 REST API application with Spring Modulith packaging. Database (MongoDB, PostgreSQL, MySQL, or none), authentication (Keycloak OAuth2 Resource Server, Spring Security JWT, or none), scheduling (Quartz + Spring Batch or none), and messaging (RabbitMQ pub/sub or none) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new Spring Boot REST API application. Also trigger when the user says things like "spec out a new REST API project", "design a Spring Boot API skeleton", "write a technical spec for my new API", "scaffold spec for a REST API", or any request for a specification document describing a Spring Boot REST API application. Even if the user only mentions a subset of the stack (e.g., "Spring Boot API" or "Spring REST with MySQL" or "Spring Boot A
ros2-web-integration
Patterns and best practices for integrating ROS2 systems with web technologies including REST APIs, WebSocket bridges, and browser-based robot interfaces. Use this skill when building web dashboards for robots, streaming camera feeds to browsers, exposing ROS2 services as REST endpoints, or implementing bidirectional WebSocket communication between web UIs and ROS2 nodes. Trigger whenever the user mentions rosbridge, rosbridge_suite, roslibjs, FastAPI with ROS2, Flask with rclpy, WebSocket for robot telemetry, MJPEG streaming, WebRTC for robots, REST API wrapping ROS2 services, web-based robot control, browser robot interface, robot dashboard, CORS configuration for robots, or any web-to-ROS2 bridge pattern. Also trigger for authentication on robot web interfaces, rate limiting sensor streams, video streaming from robot cameras to browsers, or running async web frameworks alongside the ROS2 executor. Covers rosbridge_suite, FastAPI, Flask, WebSocket, and WebRTC approaches.
joab-app-security-craft
How Joab reviews application-layer security across web, mobile, and desktop clients — auth flow analysis (JWT / OAuth2 / session), CSRF / XSS prevention at the surface, the OWASP API Top 10 patterns, client-side storage hygiene, mobile/desktop client hardening. Invoke when an application-surface security review is needed.
skill-fastapi-api
Padrões DARE para APIs REST em Python + FastAPI + Pydantic + uvicorn. Routers, dependency injection, Pydantic v2 schemas, async SQLAlchemy 2.0, autenticação OAuth2 + JWT, rate limit com slowapi, pytest + httpx, OpenAPI auto-gerado.
security
API security expertise including authentication, authorization, OWASP compliance, and vulnerability detection.
fastapi-skills
FastAPI framework patterns, best practices, and implementation guides
spring-skills
Spring Boot framework patterns, best practices, and implementation guides
estruturar-open-finance
Guia de implementacao Open Finance Brasil — OAuth 2.0 + FAPI + mTLS + DCR. Use ao integrar com Open Finance pela primeira vez (Fase 2 dados, Fase 3 iniciacao de pagamento).
sinch-authentication
Configures Sinch API credentials and authentication. Use when setting up OAuth2, Basic auth, application signing, or API keys for any Sinch product including Conversation API, Voice, Verification, Numbers, Fax, and Mailgun. Also use when troubleshooting 401 Unauthorized, 403 Forbidden, invalid signature, or credential errors against any Sinch API. For SDKs usage, see sinch-sdks.
sinch-fax-api
Send and receive faxes programmatically with Sinch Fax API. Use when building fax workflows, fax-to-email delivery, sending PDFs by fax, checking fax status, managing fax services, configuring cover pages, receiving fax webhooks, or integrating fax into healthcare, legal, or financial applications.
sinch-number-lookup-api
Looks up phone number details via Sinch Number Lookup API. Use when checking carrier, line type, porting status, SIM swap, VoIP detection, or reassigned number detection (RND) for fraud prevention or routing decisions.
sinch-porting-api
Port phone numbers from other carriers into Sinch with the Porting API. Automates port-in order creation, portability checks, order tracking, on-demand activation, and webhook notifications. Use when porting numbers, checking portability, creating port-in orders, tracking port status, activating ported numbers, uploading LOA documents, or configuring porting defaults.
sinch-sdks
Sinch SDK installation and client initialization for Node.js, Python, Java, and .NET. Use when installing a Sinch SDK, initializing SinchClient, setting up SDK credentials, configuring conversation region in SDK, or building a multi-product SDK client. For In-App Calling SDKs, see sinch-in-app-calling.
sinch-verification-api
Verify phone numbers via SMS, Flashcall, Phone Call, Data (seamless carrier-level), or WhatsApp with Sinch Verification API. Use when implementing user phone verification, OTP, two-factor authentication, or number ownership confirmation flows.
digikey
Search DigiKey for electronic components and download datasheets — primary source for prototype orders and the preferred API-based method for fetching datasheets. Find parts by keyword or part number, check pricing/stock, download datasheets directly via API, analyze specifications. Sync and maintain a local datasheets directory for a KiCad project — extract components from schematics, download all missing datasheets, keep them up to date. Use with KiCad for BOM creation and part selection. Use this skill when the user asks about electronic components, part specifications, datasheets, footprints, pricing, stock availability, or needs to download/read a datasheet — even if they don't mention "DigiKey" by name. Also use when the user says "sync datasheets", "download datasheets for my board/project", or mentions a datasheets directory. DigiKey is the default distributor for prototyping and the preferred datasheet source because its API returns direct PDF links without web scraping. For package cross-reference t
oracle-ords-ptbr
Oracle ORDS — REST services e dicionário USER_ORDS_*/DBA_ORDS_*. ATIVE em define_module, define_template, define_handler, AutoREST, OAuth, ORDS_SECURITY, ORDS_SECURITY_ADMIN, JWT, PAR via ORDS_PAR, privilege, role ORDS, ORDS_EXPORT, USER_ORDS_MODULES, USER_ORDS_HANDLERS, USER_ORDS_SCHEMAS, DBA_ORDS_*, source_type_collection_query, CORS, versionamento de API, depreciação OAUTH package. Frases — "criar endpoint REST", "módulo ORDS", "autenticar API", "inventário de handlers ORDS", "OAUTH deprecated". NAO ATIVE em APEX pages, PL/SQL puro, DBA operacional. Templates em assets/.
auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
security-audit
Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.
ecommerce-api
e커머스 마켓플레이스 API 통합 가이드
auth-patterns
【认证授权】实现认证授权模式,包含 JWT、OAuth2、Session、RBAC/ABAC 权限模型、多因素认证。 触发时机: - 用户要求"实现登录"、"JWT认证"、"OAuth2" - 需要设计权限系统 - 需要实现多因素认证 提供完整的认证授权实现方案。
designing-apis
Design APIs that are secure, scalable, and maintainable using RESTful, GraphQL, and event-driven patterns. Use when designing new APIs, evolving existing APIs, or establishing API standards for teams.
securing-authentication
Authentication, authorization, and API security implementation. Use when building user systems, protecting APIs, or implementing access control. Covers OAuth 2.1/OIDC, JWT patterns, sessions, Passkeys/WebAuthn, RBAC/ABAC/ReBAC, policy engines (OPA, Casbin, SpiceDB), managed auth (Clerk, Auth0), self-hosted (Keycloak, Ory), and API security best practices.
app-backend
Guide for adding a backend layer (REST API, WebSockets, cron jobs) to Fusebase Apps apps. Use when: (1) An app needs a server-side API beyond the Dashboard SDK, (2) Adding REST endpoints or WebSocket support, (3) Setting up the backend/ folder structure, (4) Scheduling cron jobs for periodic tasks. The backend is OPTIONAL — only add when the app genuinely requires server-side logic.
app-dev-practices
Practical guide for building Fusebase Apps apps. Use when: (1) Creating a new app, (2) Setting up project structure, Vite config, or authentication, (3) Building or registering apps, (4) Configuring permissions or public access, (5) Navigating between apps, (6) Fetching user details, (7) Troubleshooting build issues.
security-auth
Authentication and authorization patterns for secure access control. Use when: (1) Implementing JWT authentication, (2) OAuth2/OIDC integration, (3) Building RBAC/ABAC systems, (4) Session management, (5) MFA implementation. Auto-detects: auth, jwt, oauth, oidc, rbac, abac, permission, session, token, refresh, login, password, mfa, 2fa
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
fastapi-architect
Framework-specific delta on rest-api-architect — FastAPI 0.136 on Python 3.14. Feature layout, Pydantic v2 request/response separation, async DI with lifespan, URL-prefix versioning, RFC 7807 errors, in-house OAuth2+JWT or external IdP. Read rest-api-architect first for the cross-cutting REST conventions. Use when scaffolding or reviewing a FastAPI service.
mcp-architect
MCP (Model Context Protocol) 2025-11-25 server standards — tool/resource/prompt primitives, capability negotiation, Streamable HTTP transport with Mcp-Session-Id, OAuth 2.1 + RFC 8707 resource indicators, tool annotations (readOnly/destructive/idempotent), structured output, JSON-RPC error mapping, prompt-injection and SSRF defenses, MCP Inspector testing. Python (FastMCP) and Go (official SDK) recipes. Use when designing, reviewing, or scaffolding an MCP server.
api-gateway
API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce, Google Workspace, Stripe, and more.
classroom-submit
Autonomously submit files to Google Classroom assignments end-to-end, bypassing the cross-origin Drive Picker iframe that blocks browser automation. Uploads the file to the user's Google Drive via rclone, finds the target assignment (by query or explicit IDs), attaches the Drive file, and turns in the submission — all via the Classroom REST API using OAuth 2.0. Use when asked to "submit to Classroom", "upload this to Atividade X", "entregar", "turn in on Classroom", or any variant of actually finalizing a Classroom submission from a local file.
publish
Publish a local Markdown file to a Slack channel as a formatted message (not a file upload). Use when the user asks to send or publish a .md file to Slack, e.g. "publish foo.md to
rest-api-generator
ATC REST API source generator and CLI for producing server endpoints, C# clients, and TypeScript clients from OpenAPI specifications. Use when the user asks to generate a REST API from an OpenAPI spec, scaffold server handlers, create typed HTTP clients, generate TypeScript clients with React Query hooks, configure API security or rate limiting, set up caching or resilience, version an API, generate webhooks, merge multi-part OpenAPI specs, or migrate from the old atc-rest-api-generator CLI.
dingtalk-skill-creator
创建新的钉钉技能(dingtalk skill)。当用户提到"创建新技能"、"新建技能"、"开发钉钉技能"、"新增钉钉功能"、"添加钉钉接口支持"、"我需要一个钉钉 xxx 技能"、"钉钉待办"、"钉钉签到"、"钉钉考勤"、"钉钉审批"、"钉钉日程"等希望将某个钉钉 API 领域封装成可复用 skill 时,必须使用此技能。此技能包含完整的技能创建流程:SDK 探索 → SDK Python 测试 → 纯 HTTP Python 测试(两步全通过)→ SKILL.md 编写。测试未全部通过不得创建 skill。
authos-device-flow
Implement AuthOS device authorization for CLIs, TVs, and headless apps. Use when requesting device codes, building activation pages, polling /auth/token, handling MFA during device auth, or adding platform admin CLI login through AuthOS.
preset-snowflake-cortex
Prepare Snowflake Cortex direct API access: account URL, auth method, role, warehouse, database/schema context, privileges, and Cortex Agent routing. Use only for direct API workflows; Do not use for MCP-only work.
conventional-commits
Enforces Conventional Commits format for git commit messages. Use when formatting commits or validating message structures. For git commands, see git-control.
rich-api-skill
A comprehensive skill covering authentication, operations, and error handling for the Rich API.
codex-oracle
Query OpenAI Codex (GPT-5.2-codex) for second opinions, alternative implementations, or specialized knowledge. Use when you want to consult another AI model, need a different perspective on a coding problem, or want to verify an approach.
gsdmilestone-sprint
Run entire milestone autonomously with Codex validation. Auto-detects current milestone, executes all phases, and runs audit.
gsdsprint
Autonomous phase execution with Codex validation. Runs plan/execute/verify cycles in a bash loop until done or halted.
ios-networking
iOS networking expert skill covering URLSession with async/await, type-safe generic API clients, Codable JSON encoding/decoding, error handling with retry and exponential backoff, OAuth2 token management, WebSocket connections, caching strategies (URLCache/NSCache), network monitoring (NWPathMonitor), multipart uploads, certificate pinning, and GraphQL with Apollo. Use this skill whenever the user builds networking code, API clients, handles JSON, implements authentication flows, or works with remote data. Triggers on: URLSession, networking, API client, REST, HTTP, JSON, Codable, endpoint, fetch data, download, upload, WebSocket, cache, network monitor, reachability, multipart, GraphQL, Apollo, bearer token, refresh token, retry, backoff, certificate pinning, URL, request, response, async networking.
ios-security
iOS security expert skill covering Keychain Services, biometric authentication (Face ID/Touch ID), CryptoKit encryption, Sign in with Apple, OAuth2, certificate pinning, data protection, privacy manifests, and app hardening. Use this skill whenever the user works on iOS security features — storing credentials, encrypting data, authenticating users, handling permissions, or protecting the app. Triggers on: keychain, biometric, face id, touch id, security, encryption, cryptokit, sign in with apple, oauth, token storage, certificate pinning, privacy manifest, ATS, app transport security, jailbreak, secure enclave, data protection, permissions, tracking transparency, password storage, credential management, sensitive data, SecItem, LAContext, authentication flow, or any iOS code that handles secrets, tokens, or user identity.
setup-repo
Bootstrap the GitHub repo for a forge project — repo creation, branch protection, GitHub Environments, CI workflows, secrets configuration.
google-analytics
Queries GA4 website analytics via the Google Analytics Data API for traffic, engagement, and audience data. Used by brand-agent for monthly web presence synthesis. Configure property ID and credentials in vault/brand/config.md.
commit-messages
Generate clear, conventional commit messages from git diffs. Use when writing commit messages, reviewing staged changes, or preparing releases.
fastapi-patterns
FastAPI patterns, Pydantic schemas, dependency injection, async correctness, response models, error handling, OpenAPI, and auth. Use whenever the project contains `fastapi` in dependencies, files importing from `fastapi`, `@app.get`/`@router.get` decorators, Pydantic BaseModel subclasses used as request/response types, OR the user asks about FastAPI, Pydantic v2, Depends(), HTTPException, OAuth2PasswordBearer, APIKeyHeader, response_model, even if FastAPI is not mentioned by name.
loadout-dev
Expert development partner for The Loadout — the Mission Built MCP server (mcp.missionbuilt.io) that powers The Warmup and The Spotter skills. Use this skill any time you are working on the Loadout project: adding or editing a skill, modifying warmup-template.html or spotter-template.html, changing index.ts tools, bumping versions, editing SKILL.md files, running a tech lead review, or preparing a commit and deploy. Also use it when the user says things like "work on the warmup," "add a new loadout skill," "update the spotter," "edit the template," "bump the version," or "review before we ship." This skill carries the full project architecture, hard-won lessons from past sessions, and the exact collaboration model Mike and Claude use — including the rule that Mike runs all terminal commands and Claude writes all code. DO NOT invoke for end-user requests to RUN the skills — "spot my epic," "run my warmup," "run the approach for [company]" are handled by the MCP tools directly, not by this development skill.
auth-architect
Designs and implements authentication and identity systems. Covers OAuth2 and OIDC flows including authorization code, PKCE, and client credentials; JWT design including RS256 vs HS256, key rotation, token blacklisting, and refresh token strategy; RBAC and ABAC modeling; SSO with Google, GitHub, and SAML 2.0; session management; magic links; MFA with TOTP, SMS, and hardware keys; and API key management. Use this skill when the user says "implement OAuth2," "JWT refresh token rotation," "set up SSO with Google," "design RBAC for multi-tenant," "implement magic link auth," "is my JWT secure," "add login to my app," "session management strategy," or "API key auth."
fabric-auth
Use when authenticating to Microsoft Fabric APIs — getting 401 Unauthorized errors, choosing token audience/scope for Fabric REST, Power BI REST, OneLake, Warehouse/SQL, KQL, XMLA, or Azure ARM, or running `az login` / `az account get-access-token` / `az rest` for Fabric. Covers the full token-audience table, the OneLake-only `storage.azure.com/.default` requirement, `az login` flow variants (--allow-no-subscriptions, --use-device-code, SPN cert, managed identity), `az rest --resource` requirement (Fabric URL is not a built-in Azure endpoint), JWT decoding for 401 debugging, and why using the wrong audience is the #1 cause of 401s.
spotify-web-api-with-fixes-and-improvements-from-sonallux
Spotify Web API with fixes and improvements from sonallux API skill. Use when working with Spotify Web API with fixes and improvements from sonallux for albums, artists, shows. Covers 97 endpoints.
square
Square API skill. Use when working with Square for mobile, oauth2, {location_id}. Covers 327 endpoints.
fastapi-senior-dev
Senior Python Backend Engineer skill for FastAPI. Use when scaffolding production-ready APIs, enforcing clean architecture, optimizing async patterns, or auditing FastAPI codebases.
token-formatter
Convert verbose docs/markdown/text into token-efficient formats. Use when user wants to reduce token count, compress content for LLM context, or optimize for AI consumption.
auth-implementation-patterns
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubs...
gsdhealth-check
Verify GSD setup - checks Claude, Codex, skills, and MCP servers are working correctly.
gsdsecond-opinion
Get a second opinion from OpenAI Codex (GPT-5.2-codex) on code, architecture, or implementation decisions. Use when you want independent verification or an alternative perspective.
mcp-specification-reference
Use when the user asks about "MCP protocol version", "MCP spec", "protocol negotiation", "MCP capabilities", "MCP transport", "MCP lifecycle", "MCP schema", "initialize handshake", or needs to verify MCP server conformance, understand version differences, check required methods, or look up MCP protocol behavior. Also applies when building or debugging MCP servers and needing authoritative spec details.
devops-tooling
Git operations, shell scripting, CI/CD pipelines, and terminal automation. Use for conventional commits, PowerShell/Bash scripting, configuring GitHub Actions, or automating development tooling workflows.
genfeed-connector
The seam between content-factory skills and genfeed.ai. Detects whether genfeed is connected (API key / CLI / config), then exposes one uniform CLI (gf) for manifest state, stage transitions, performance feedback, and platform tokens. Runs fully standalone on the local filesystem, or routes state, the OAuth token vault, scheduling, and analytics to genfeed.ai when a key is present. Triggers on "content factory state", "genfeed connector", "is genfeed connected", "content manifest", "content loop state", "gf adapter".
auth
Secure authentication and authorization patterns — password hashing, brute-force protection, session vs JWT, OAuth/SSO flows, RBAC. Use when the user says "add login", "set up auth", "is this auth secure", "implement OAuth", "session vs token", "should I use JWT here", or when shipping any feature that gates access. Do NOT use for guessing at credentials or bypassing auth — refuse those.
analytics
View traffic, costs, agent stats, and bot detection via the systemprompt CLI
architecture-standards
Layer architecture, module boundaries, extension patterns, plugin structure, config system, and build pipeline standards
extension-ai--tool-providers
LlmProvider, ToolProvider trait implementations and MCP server integration
extension-content-feeds
RssFeedProvider and SitemapProvider trait implementations for SEO and content syndication
extension-data-providers
PageDataProvider, ContentDataProvider, and FrontmatterProcessor trait implementations
extension-hooks--events
Hook catalog, lifecycle events, hook scripts, and event-driven automation
extension-infrastructure
Jobs, Schemas, Router, Assets, Storage Paths, Site Auth, and Config Validation trait implementations
extension-rendering
ComponentRenderer, TemplateProvider, TemplateDataExtender, and PagePrerenderer trait implementations
frontend-standards
Complete JavaScript, CSS, accessibility, event architecture, bundle pipeline, and admin UI coding standards
job-scheduling
List, run, enable, and disable scheduled jobs via the systemprompt CLI
rust-standards
Complete Rust coding, linting, testing, architecture, and layer boundary standards for systemprompt.io development
skill-creation
Create, structure, and publish skills through the skill-plugin-marketplace pipeline
web-standards
Extension system, content templates, page prerendering, and CSS management standards for systemprompt.io web development
google-ads-agent
AI-powered Google Ads campaign management — create, optimize, audit, and report on PPC campaigns
google-workspace-agent
Unified Gmail, Calendar, Drive, Sheets, and Docs management from Claude Code
line-works-agent
Enterprise LINE communication — bots, messages, groups, calendar on Japan's business-grade LINE platform
moneyforward-agent
Cloud accounting automation — invoices, expenses, journal entries, bank reconciliation on Japan's leading fintech
gemini-deep-research
Perform complex, long-running research tasks using Gemini Deep Research Agent. Use when asked to research topics requiring multi-source synthesis, competitive analysis, market research, or comprehensive technical investigations that benefit from systematic web search and analysis.
deploy
Deploy web applications to DevTools Cloud from Git repositories. Use when the user wants to deploy, ship, publish, or launch a web app. Supports Node.js, Python, Go, and Rust with automatic build detection. Handles zero-downtime deployments with automatic rollback on failure. Do NOT use for domain management or log viewing.
order
Place orders on Bob's Online Store. Use when the user wants to add items to a cart, apply coupons, choose shipping, and complete checkout via API. Handles the full purchase workflow from cart to confirmation. Requires a Bearer token (user must be logged in). Do NOT use for product search or browsing.
authz-patterns
JWT、OAuth2、RBAC、会话管理的最佳实践
keyvox-checkin-status
KEYVOXのチェックイン状況を確認する。今日のゲストが何人チェックイン済みか知りたい、特定予約・特定ゲストがチェックインしたか確認したい、チェックイン予定時刻を過ぎてもステータスが未チェックインのままの予約を抽出したい、といった「予約のチェックインステータス(orderStateCode)を確認する」業務で使用する。チェックイン判定は予約ステータスで行い、ロックの解錠履歴では判定しない(解錠=実利用の判定は keyvox-housekeeping の領域)。
keyvox-housekeeping
KEYVOX清掃計画支援。本日チェックアウトした部屋の清掃対象抽出、いつから清掃に入れるかの判定、次のチェックインまでの空き時間��認、本日の実利用件数集計など、清掃オペレーション計画に必要な情報を返す。ノーショウ(予約あったが解錠ゼロ)は清掃不要と判定。
keyvox-onsite-support
KEYVOX滞在中ゲストのトラブル対応。鍵忘れ・閉じ込め・解錠できない等の緊急対応で使用。リモート解錠や一時PIN発行など実物理デバイスに影響する操作を含むため、必ずオペレーターの最終承認を取ってから実行する。状況確認だけのケースにも対応。
keyvox-reservation
KEYVOX予約の管理業務を行う。新規予約を作成したい、今日や明日の予約一覧を見たい、予約を延長したい、予約内容を変更したい、予約をキャンセルしたい、といった予約レコードを操作するすべての場面で使用する。空き状況の確認や、予約に紐づくPIN/QRコードの取得もこのスキルでカバー。
api-checklist
API integration checklist based on past lessons.
caveman-compressed-mode
当用户要省 token、要简洁或显式触发「穴居人模式」时使用;做删冗压缩输出(去冠词/客套/填充/含糊词,保留技术实质与代码),产出 token 约降 75% 的高密度回复;不适用于安全警告、不可逆操作确认、多步有序流程、首轮无上下文及非技术干系人沟通。触发词:caveman、穴居人模式、少用 token、简洁点、/caveman
use-dangerous-secret
Demonstration skill that attempts to use a plaintext secret, designed to be blocked by governance hooks
clawdbot-self-security-audit
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities and generate reports. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities do I have". This skill only READS configuration and generates reports—it never modifies settings or executes fixes automatically. Designed to be extensible—new checks can be added by updating this skill's knowledge.
functional-testing
Drive the inter-LLM functional test harness for this MCP server. Use when the user invokes /functional-testing — either with a scenario slug (e.g. `01-namespace-readonly`) or `all`. Reads STATE.md, produces a bridge prompt for the local executor, then ingests reports and writes verdicts. Never reads `expected.md` until the executor has already pushed its report.
api-security-best-practices
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
api-design-plan
Planning and designing scalable, secure, and intuitive APIs
advpl-webservice
Use ao criar/editar API REST ou SOAP no Protheus, escolher entre WSRESTFUL (clássico) e @Get/@Post (notation tlppCore — ~3x mais rápido, suporta @Patch + Swagger), migrar de uma pra outra, configurar PrepareIn + TenantId, validar JWT/OAuth2, ou revisar SEC-001 (RpcSetEnv em REST). Inclui pegadinhas como ::SetResponse cumulativo, WSMETHOD sub-nome, requisitos de versão (notation precisa AppServer 20+).
openapi-doc-generator
当需要为 REST/事件驱动 API 编写或重写规范、搭建交互式开发者文档与门户时使用;做 OpenAPI 3.1/AsyncAPI 规范编写、示例与鉴权流程补全、交互文档与多语言 SDK 生成及示例可测试化的产物;不适用于无 API 面、纯后端实现或只需内部速记的场景;触发词:OpenAPI、API 文档、SDK 生成、Swagger/Redoc、开发者门户
spring-boot
Spring Boot REST API, JPA repositories, Spring Security JWT, @WebMvcTest, @SpringBootTest, Spring Cloud
identity-access
Use for authentication, authorization, SSO, and multi-tenant isolation — OIDC/OAuth2 + PKCE, enterprise SAML SSO, SCIM provisioning, RBAC/ABAC/ReBAC, deny-by-default server-side authz, tenant isolation, sessions/tokens/MFA. Trigger on "login/auth", "SSO/SAML/OIDC", "SCIM/provisioning", "roles/permissions/RBAC", "multi-tenant isolation", "tokens/sessions/MFA", or any identity/access decision.
setup-cron
Use when the user asks to schedule daily-cycle, set up cron, or run daily-cycle every day. Installs an OS-level schedule (macOS LaunchAgent / Windows Task / Linux cron) for `/daily-cycle PROJECT`. Also covers /loop and /schedule alternatives.
setup-cron
Use when the user asks to schedule daily-cycle, set up cron, or run daily-cycle every day. Installs an OS-level schedule (macOS LaunchAgent / Windows Task / Linux cron) for `/daily-cycle PROJECT`. Also covers /loop and /schedule alternatives.
google-workspace
Manage Google Workspace via the `gws` CLI — Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, Tasks, Meet, Slides, Forms, Contacts, and every other Workspace API. Use when: (1) listing, uploading, downloading, or sharing files on Google Drive, (2) reading, sending, labeling, or filtering Gmail messages, (3) creating, updating, or querying Google Calendar events, (4) reading or writing Google Sheets data, (5) creating or editing Google Docs, (6) sending Google Chat messages, (7) managing Google Tasks, (8) any other Google Workspace operation. Wraps the official `gws` CLI which dynamically discovers all Workspace APIs. Outputs structured JSON suitable for agent pipelines.
fastapi-security
Security audit for FastAPI applications including dependency injection for auth, Pydantic schemas for input/output, OAuth2 scopes, async endpoint patterns, CORS middleware, SQL injection via SQLAlchemy raw queries, Starlette middleware, and FastAPI-specific patterns. Use this skill whenever the user mentions FastAPI, Pydantic, Starlette, OAuth2PasswordBearer, Depends, APIRouter, fastapi-users, SQLAlchemy in FastAPI, or asks "audit my FastAPI app", "FastAPI security review", "Pydantic safe". Trigger when the codebase contains `fastapi` in `requirements.txt` / `pyproject.toml`.
infra-security
Use this agent when you need to audit domain security posture, configure DNS records, or manage Cloudflare security features (WAF, Workers, Zero Trust) via the Cloudflare MCP server. Use terraform-architect for IaC generation; use this agent for live Cloudflare configuration and security auditing.
auth-patterns
Design authentication and authorization systems — JWT lifecycle, OAuth 2.0 / OIDC flows, token storage, refresh strategy, RBAC and ABAC permission models. Use when asked about "login flow", "JWT", "OAuth", "refresh token", "access control", "permissions", "RBAC", "who can see what", or "auth is broken". Do NOT use for: session-based auth vs token trade-off analysis (that's an architecture decision) or security penetration testing (use `red-team-check`).
api-security
API security review against OWASP API Top 10 2023. Covers auth (OAuth2/JWT/API-keys), object-level authorization (BOLA/IDOR), schema validation, rate-limiting, CORS, SSRF, and GraphQL-specific concerns (introspection, query depth, batching).
spring-security
Spring Boot security review — Spring Security config (SecurityFilterChain), OAuth2/OIDC client and resource-server, method-level @PreAuthorize, JWT validation, actuator endpoint lockdown, CSRF model for web vs API, and recent Spring CVE patterns (Spring4Shell, SpEL injection, authorization bypasses).
example-web-search
A simple demonstration skill that searches the web for information
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
benchling-integration
Benchling R&D platform integration. Access registry (DNA, proteins), inventory, ELN entries, workflows via API, build Benchling Apps, query Data Warehouse, for lab data management automation.
idealista
Query Idealista API via idealista-cli (OAuth2 client credentials).
git-conventions
Branch naming, commit message format, PR workflow, worktree conventions, versioning policy
google-workspace
Gmail, Calendar, Drive, Contacts, Sheets, and Docs integration via Python. Uses OAuth2 with automatic token refresh. No external binaries needed — runs entirely with Google's Python client libraries in the Hermes venv.
oauth
OAuth 2.0 attack methodology. Covers redirect_uri manipulation, state CSRF bypass, authorization code interception, implicit flow token theft, open redirect chaining, and PKCE bypass.
oauth-audit
Use when auditing OAuth 2.0 / OIDC implementations against RFC 9700 (OAuth Security BCP), reviewing client or authorization-server code, evaluating PKCE / state / redirect-URI handling, hardening token exchange and refresh flows, or triaging suspected OAuth vulnerabilities (CWE-352 CSRF, CWE-287 broken auth).
digikey
Search DigiKey for electronic components and download datasheets — primary source for prototype orders and the preferred API-based method for fetching datasheets. Find parts by keyword or part number, check pricing/stock, download datasheets directly via API, analyze specifications. Sync and maintain a local datasheets directory for a KiCad project — extract components from schematics, download all missing datasheets, keep them up to date. Use with KiCad for BOM creation and part selection. Use this skill when the user asks about electronic components, part specifications, datasheets, footprints, pricing, stock availability, or needs to download/read a datasheet — even if they don't mention "DigiKey" by name. Also use when the user says "sync datasheets", "download datasheets for my board/project", or mentions a datasheets directory. DigiKey is the default distributor for prototyping and the preferred datasheet source because its API returns direct PDF links without web scraping. For package cross-reference t
gmail-adapter
Gmail email sending adapter for the 100X Outreach System. Use this skill to send emails via Gmail using the user's own OAuth2 credentials. This is a core skill for email campaigns and workflow email steps.
google-drive-operator
Analyze, restructure, and manage Google Drive shared folders. List contents, read documents, rename files, create professional documents, and organize folder hierarchies -- all through the Google Drive and Docs APIs.
fastapi
FastAPI Python framework. Covers REST APIs, validation, dependencies, security. Keywords: Pydantic, async, OAuth2, JWT.
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubs...
ios-security
iOSセキュリティ実装ガイド。認証・認可、データ暗号化、Keychain、証明書ピンニング、App Transport Security、脱獄検知、難読化など、セキュアなiOSアプリケーション開発のベストプラクティス。
support-manager
Support ticket management with SLA tracking and knowledge base. Use this skill when the user needs to create, track, or resolve support tickets, or search the knowledge base.
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubs...
java-security
Reviews or implements Spring Security configuration — JWT authentication, OAuth2, method-level security, CORS, and CSRF. Use when user asks to "add authentication", "secure this API", "implement JWT", "configure Spring Security", "add OAuth2 login", "protect endpoints", or "review security config".
authentication
Auth flows, session management, OAuth integration, domain-restricted access, and role-based access control for TopNetworks properties. Primary implementation is Better Auth 1.x with Google OAuth in route-genius. Use when implementing login, session checks, protected routes, or any access control logic.
fastapi-sqlmodel-arq-backend
构建或改造基于 FastAPI + SQLModel(异步 SQLAlchemy) + Arq + Redis 的后端系统。用于新增/重构 RESTful API、实现异步数据库访问、编写服务层与依赖注入、配置 OAuth2 + JWT(Argon2) 认证、生成 Alembic 迁移建议、统一 loguru 日志规范等后端任务;不用于纯前端页面样式开发或仅做 OpenAPI 客户端同步的任务。
api-design
Use when the user asks to design, edit, validate, or review REST APIs, OpenAPI/Swagger specs, endpoints, schemas, error responses, authentication, authorization, or versioning strategy.
gws
Use when the user asks to inspect or operate Google Calendar, Drive, Gmail, or Tasks through the gws CLI, including calendar agendas, event creation, Drive search/upload/download, Gmail triage/read/send/reply, or task list requests.
autoxpp-azure-devops
Use when the user asks to read, query, or interact with Azure DevOps work items, tickets, comments, attachments, or boards. Triggers on phrases like "read ticket", "check devops", "work item", "devops comments", "ticket 1069", or any Azure DevOps URL (dev.azure.com).
dd-debugger
Live Debugger - inspect runtime argument/variable values in production by placing log probes on methods. Use when asked what values a function receives, what parameters look like at runtime, or to capture live data from running services without redeploying.
email-triage
Triage inbox emails with himalaya. Use when user says "check email", "triage email", "email triage", "check inbox", "process email", "email me", "what emails do I have", "clear inbox", "inbox zero", "follow ups", "awaiting reply", "who hasn't replied", or "chase up".
google-colab-cli
Use when installing, authenticating, account switching, troubleshooting, or operating google-colab-cli for Colab VM execution, file transfer, Drive mount, GPU/TPU use, or compute-unit-sensitive sessions.
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubs...
hubspot-integration
Expert patterns for HubSpot CRM integration including OAuth authentication, CRM objects, associations, batch operations, webhooks, and custom objects. Covers Node.js and Python SDKs. Use when: hubs...
authentication
Auth flows, session management, OAuth integration, domain-restricted access, and role-based access control for TopNetworks properties. Primary implementation is Better Auth 1.x with Google OAuth in route-genius. Use when implementing login, session checks, protected routes, or any access control logic.
fastapi-sqlmodel-arq-backend
构建或改造基于 FastAPI + SQLModel(异步 SQLAlchemy) + Arq + Redis 的后端系统。用于新增/重构 RESTful API、实现异步数据库访问、编写服务层与依赖注入、配置 OAuth2 + JWT(Argon2) 认证、生成 Alembic 迁移建议、统一 loguru 日志规范等后端任务;不用于纯前端页面样式开发或仅做 OpenAPI 客户端同步的任务。
Integration detected automatically from skill content. Some results may be false positives.