Audit codebase for performance bottlenecks and thread-safety issues

Run a single-session performance audit on the codebase

Prepare your codebase for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates comprehensive documentation (flowcharts, user stories, inline comments). (project, gitignored)

Run a single-session refactoring audit on the codebase

Template and formatting guidelines for security audit reports. Provides consistent structure for findings, severity classification, ASVS mapping, and remediation recommendations.

Comprehensive audit capabilities for security, code quality, module structure, compliance, and performance analysis. Use this skill when performing security audits, code reviews, vulnerability assessments, module structure validation, or generating audit reports.

Audit a checkpoint specification for realism and design decision forcing. Reviews specs to remove hand-holding, hidden corner cases, and architectural giveaways. Invoke with /audit-spec <problem> <checkpoint>.

Comprehensive guide to implementing audit trails and logging for AI agents including tracing, observability, compliance, and debugging

Audit UI/UX changes in a focus area against design guidelines for accessibility, consistency, and usability issues.

使用 squirrelscan CLI（squirrel）对网站进行审计，覆盖 SEO、技术、内容、性能、安全等 140+ 规则。当需要分析网站健康、排查技术 SEO、检查死链、校验 meta 与结构化数据、生成站点审计报告、对比改版前后，或提到「网站审计」「audit website」「squirrel」「站点健康检查」时使用。

Implementing comprehensive logging, tracking, and audit trails for AI systems to ensure compliance and enable debugging.

Audits deep link contracts and routing behavior. Use when validating

Auditing and updating npm dependencies to prevent security vulnerabilities in TypeScript projects

<user_command>/kata:audit-milestone</user_command>

Audits notification permission request flows. Use when reviewing or improving permission prompts, settings paths, or denial handling.

<objective>

Use this skill when auditing websites for SEO, analyzing search performance, checking technical SEO issues, or optimizing sites for search engines. Performs comprehensive SEO audits covering technical, on-page, and off-page factors. Invoke for SEO analysis, search optimization, keyword research, or improving search rankings.

Use when reviewing website copy, SEO titles/descriptions, marketing content, or public messaging - applies Anil Dash's shareability framework to ensure others can authentically talk about your work without you present

>

>

>

>

>

>

Generate content using austn.net AI services (TTS, images, etc.)

Provides tax knowledge and deduction validation for Harry's multi-entity Australian business ecosystem (MOKAI PTY LTD, MOK HOUSE PTY LTD, SAFIA Unit Trust, HS Family Trust, Harrison Robert Sayers sole trader). Integrates with Graphiti MCP for entity relationship memory and Serena MCP for calculation patterns. Automatically validates tax deductions, monitors GST thresholds, optimizes trust distributions, and tracks APRA/SAFIA royalty income. Triggers when discussing deductions, tax brackets, GST registration, trust distributions, business expenses, UpBank transactions, or Australian tax optimization. Uses lazy-loading knowledge architecture for token efficiency.

Review and analyze authentication and authorization patterns for security vulnerabilities.

Adds BetterAuth authentication to Apso backends. Handles entity setup, code generation, auto-fixes, and verification. Triggers when user needs to add authentication, setup auth, or integrate BetterAuth.

Pre-built and custom Clerk authentication component templates with theming and customization patterns. Use when building authentication UI, creating sign-in/sign-up pages, customizing Clerk components, implementing user buttons, theming auth flows, or when user mentions Clerk components, SignIn, SignUp, UserButton, auth UI, appearance customization, or authentication theming.

Configure Supabase authentication providers (OAuth, JWT, email). Use when setting up authentication, configuring OAuth providers (Google/GitHub/Discord), implementing auth flows, configuring JWT settings, or when user mentions Supabase auth, social login, authentication setup, or auth configuration.

Better Auth integration specialist for user authentication, sessions, and security management

Use when you need to implement CloudBase Auth v2 over raw HTTP endpoints (login/signup, tokens, user operations) from backends or scripts that are not using the Web or Node SDKs.

auth-js

This skill should be used when the user requests to audit, check, or generate authentication and authorization protection for Next.js routes, server components, API routes, and server actions. It analyzes existing routes for missing auth checks and generates protection logic based on user roles and permissions. Trigger terms include auth check, route protection, protect routes, secure endpoints, auth middleware, role-based routes, authorization check, api security, server action security, protect pages.

Generate Better Auth user schema configuration with custom additional fields for user profiles. Use when implementing authentication, user profiles, or extending user data models with Better Auth. Automatically generates TypeScript types and database schema.

OAuth 2.1, JWT (RFC 8725), encryption, and authentication security expert. Enforces 2026 security standards.

Comprehensive security review of authentication systems.

auth-shield

Auth system (Clerk + Convex + anonymous JWT) guidelines and planned permissions/upgrade behavior.

Write like a human, not a language model. This skill eliminates the telltale patterns that make AI writing detectable.

OAuth 2.1 compliant authentication flows (MANDATORY Q2 2026). PKCE required for ALL clients, Implicit Flow removed, modern token security.

Manages authentication flow for MutuaPIX (Laravel Sanctum + Next.js), handles mock mode security, and validates environment configurations

Comprehensive authentication implementation guidance including JWT best practices, OAuth 2.0/OIDC flows, Passkeys/FIDO2/WebAuthn, MFA patterns, and secure session management. Use when implementing login systems, token-based auth, SSO, passwordless authentication, or reviewing authentication security.

>

Use when implementing authentication, user management, organization/tenant management, team invitations, role-based access control (RBAC), or multi-tenant architecture in a Supabase project. Provides complete schema, API templates, and frontend components for AuthHub-style authentication.

Create/update AGENTS.md for a Python repo driven by uv (ruff/mypy/pytest), including single-test commands and editor rule discovery.

Create author profiles via questionnaire or transcript analysis for consistent article voice

Analyze content sequences and determine authoring approach (default content vs blocks). Validates block selection and section styling for import/migration to AEM Edge Delivery Services.

Workflow and best practices for writing Apache Airflow DAGs. Use when the user wants to create a new DAG, write pipeline code, or asks about DAG patterns and conventions. For testing and debugging DAGs, see the testing-dags skill.