Security audit with automatic fixes: $ARGUMENTS (package names or '.')

Scan codebase for bad coding practices that violate fail-fast principles

Run a single-session code review audit on the codebase

Run all 7 domain audits in staged waves and aggregate results

Orchestrates comprehensive audits of Claude Code customizations using specialized auditors. Use when auditing multiple components, asking about naming/organization best practices, or needing thorough validation before deployment.

**Version:** 2.0 **Total Agents:** 18 parallel agents across 5 stages + 1

Run a single-session engineering productivity audit on the codebase

Expert-level security auditing, compliance, code review, and vulnerability assessment

Implement immutable audit logging and SIEM integration.

Audit codebase for performance bottlenecks and thread-safety issues

Run a single-session performance audit on the codebase

Prepare your codebase for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates comprehensive documentation (flowcharts, user stories, inline comments). (project, gitignored)

**Version:** 2.2 (Recovery Safeguards - Session #122)

Run a single-session refactoring audit on the codebase

Template and formatting guidelines for security audit reports. Provides consistent structure for findings, severity classification, ASVS mapping, and remediation recommendations.

Run a single-session security audit on the codebase

Quick security audit checking for hardcoded secrets, SSRF vectors, injection points, dependency issues, and missing security headers

Comprehensive audit capabilities for security, code quality, module structure, compliance, and performance analysis. Use this skill when performing security audits, code reviews, vulnerability assessments, module structure validation, or generating audit reports.

Comprehensive guide to implementing audit trails and logging for AI agents including tracing, observability, compliance, and debugging

**Version:** 1.0 **Purpose:** Validate TDMS and Documentation Standards

使用 squirrelscan CLI（squirrel）对网站进行审计，覆盖 SEO、技术、内容、性能、安全等 140+ 规则。当需要分析网站健康、排查技术 SEO、检查死链、校验 meta 与结构化数据、生成站点审计报告、对比改版前后，或提到「网站审计」「audit website」「squirrel」「站点健康检查」时使用。

Auditing and updating npm dependencies to prevent security vulnerabilities in TypeScript projects

Analyze existing libraries for convention violations and report issues.

Audits notification permission request flows. Use when reviewing or improving permission prompts, settings paths, or denial handling.

Audits the project for consistency issues that may arise from manual editing. Checks package scripts, tsconfig paths, README tables, and other conventions.

<objective>

Use this skill when auditing websites for SEO, analyzing search performance, checking technical SEO issues, or optimizing sites for search engines. Performs comprehensive SEO audits covering technical, on-page, and off-page factors. Invoke for SEO analysis, search optimization, keyword research, or improving search rankings.

Use when reviewing website copy, SEO titles/descriptions, marketing content, or public messaging - applies Anil Dash's shareability framework to ensure others can authentically talk about your work without you present

Control August smart locks and manage home access

>

>

>

>

Adds BetterAuth authentication to Apso backends. Handles entity setup, code generation, auto-fixes, and verification. Triggers when user needs to add authentication, setup auth, or integrate BetterAuth.

Pre-built and custom Clerk authentication component templates with theming and customization patterns. Use when building authentication UI, creating sign-in/sign-up pages, customizing Clerk components, implementing user buttons, theming auth flows, or when user mentions Clerk components, SignIn, SignUp, UserButton, auth UI, appearance customization, or authentication theming.

Configure Supabase authentication providers (OAuth, JWT, email). Use when setting up authentication, configuring OAuth providers (Google/GitHub/Discord), implementing auth flows, configuring JWT settings, or when user mentions Supabase auth, social login, authentication setup, or auth configuration.

| Field | Value |

IntelliFill authentication flow patterns using Supabase Auth, JWT tokens, and backend auth mode

Use when you need to implement CloudBase Auth v2 over raw HTTP endpoints (login/signup, tokens, user operations) from backends or scripts that are not using the Web or Node SDKs.

auth-integration

auth-js

Implement secure, production-ready authentication systems.

Supabase authentication patterns including getUser vs getSession, deadlock avoidance, session handling, and bypass patterns. Use when working with auth, sessions, cookies, or encountering auth hangs/timeouts. Keywords: auth, getUser, getSession, session, deadlock, timeout, cookie, token, Web Locks.

Add Better Auth signup/signin, personalize chapter content, and persist user preferences. Use when implementing authentication, user sessions, or personalized content delivery.

Implementação de autenticação e controle de acesso baseado em roles (RBAC) em Laravel incluindo Guards, Policies, Gates, Permissions, Middleware de autorização, e integração com pacotes como Spatie Permission. Usar para implementar login/registro, controle de acesso por perfil, permissões granulares, proteção de rotas, e auditoria de acessos.

This skill should be used when the user requests to audit, check, or generate authentication and authorization protection for Next.js routes, server components, API routes, and server actions. It analyzes existing routes for missing auth checks and generates protection logic based on user roles and permissions. Trigger terms include auth check, route protection, protect routes, secure endpoints, auth middleware, role-based routes, authorization check, api security, server action security, protect pages.

OAuth 2.1, JWT (RFC 8725), encryption, and authentication security expert. Enforces 2026 security standards.

Implement authentication. Use when: Adding login, registration, or permission checks. Not for: Simple scripts or non-secure contexts.

Implements standard Supabase authentication flows including signup, login, password reset, OAuth providers, email verification, and session management with complete security best practices