OAuth 2.1, JWT (RFC 8725), encryption, and authentication security expert. Enforces 2026 security standards.

Comprehensive security review of authentication systems.

Autonomous validation of authentication security. Checks password hashing, cookie configuration, CSRF protection, and session management for OWASP compliance.

auth-shield

Authenticate to web app and verify session state with Chrome DevTools session sharing

Write like a human, not a language model. This skill eliminates the telltale patterns that make AI writing detectable.

Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.

Manages authentication flow for MutuaPIX (Laravel Sanctum + Next.js), handles mock mode security, and validates environment configurations

Comprehensive authentication implementation guidance including JWT best practices, OAuth 2.0/OIDC flows, Passkeys/FIDO2/WebAuthn, MFA patterns, and secure session management. Use when implementing login systems, token-based auth, SSO, passwordless authentication, or reviewing authentication security.

>

Use when implementing authentication, user management, organization/tenant management, team invitations, role-based access control (RBAC), or multi-tenant architecture in a Supabase project. Provides complete schema, API templates, and frontend components for AuthHub-style authentication.

Create/update AGENTS.md for a Python repo driven by uv (ruff/mypy/pytest), including single-test commands and editor rule discovery.

Workflow and best practices for writing Apache Airflow DAGs. Use when the user wants to create a new DAG, write pipeline code, or asks about DAG patterns and conventions. For testing and debugging DAGs, see the testing-dags skill.

Authors and manages global package scripts using the _: prefix convention. Scripts defined in root package.json are propagated to all packages with the prefix stripped.

>

Hunt for authorization bypass vulnerabilities including IDOR, privilege escalation, missing access controls, broken object-level authorization. Use when auditing authentication/authorization code or API endpoints.

auto-animate

auto-branch

Autonomous multi-agent coding with git worktree isolation, QA validation, and memory. Use for complex features requiring autonomous implementation.

>

Automatically commits and pushes significant changes to git after completing features, fixes, or milestones. This skill should be used proactively by Claude when meaningful work is completed, or invoked manually via /auto-commit. Triggers on feature completion, bug fixes, configuration changes, documentation updates, or when explicitly requested.

Automatically deploy oh-my-gemini to npm and GitHub

System prompt for automated PR description generation. Used by the runtime module.

Automate detection and removal of duplicate files/functions in TypeScript, JavaScript, and Python projects. Safely refactor imports, validate with tests, and deploy changes with zero risk of breaking the system.

Fix a reported bug end-to-end: reproduce it, add a regression test, implement the minimal fix, create a new git branch, commit using Conventional Commits, push, and open a GitHub PR (prefer gh CLI). Use when the user asks to fix a bug and wants a PR created.

CCv2 inicjalizacja trybu auto - wywiad + CONTINUITY + VALIDATION. Triggers: auto-init, auto init, inicjuj auto, plan auto

Run linters/formatters on changed files and apply safe, mechanical fixes. Use in Flow 3 and Flow 4.

Merge an existing PR after rebasing, running review-pass, ensuring CI passes, and addressing review comments.

You are the **Orchestration Intelligence**. You automatically detect when work should be parallelized and coordinate the orchestration process.

Enable parallel agent execution for multi-domain features with git worktree isolation

Expert prompt engineering assistant that analyzes vague requests, asks clarifying questions, and transforms them into structured, high-quality prompts using XML tags, examples, and chain-of-thought reasoning. Always active - transparently shows enhanced prompts before execution. Use for vague requests, feature implementation, or architecture decisions.

>-

Automate version updates and releases for any project type (Node.js, Python, Rust, Unity, Unreal, etc.). Detect project type, update version files, generate CHANGELOG, and handle git operations with cross-platform support.

Pattern for automated testing with GitHub issue creation and Claude Code auto-fixing. Creates Test → Fail → Issue → Fix → Repeat cycle until tests pass.

Expert in Tauri auto-update implementation with focus on signature verification, rollback mechanisms, staged rollouts, and secure update distribution

auto-validate

Programmatic asset compliance validation using vision analysis and Northcote scorecard. Eliminates manual validation loops—upload image, receive scored JSON with correction prompts in 30 seconds.

>

Autonomous task execution - works through all tasks without stopping

Autogenerate formula implementations from formula specifications (F-*). Converts mathematical formulas, calculations, and algorithms into production code with tests. Use when F-* includes formula specifications.

Autogenerate validation functions from business rules (BR-*) that specify formats, patterns, ranges, or constraints. Use when BR-* includes validation specifications like regex patterns, min/max values, or allowed values.

Automated IT helper for detecting and fixing code issues. Use when code fails tests, linting, type-checking, or has security vulnerabilities. Enforces strict quality gates before accepting fixes.

Systematic approach to discovering subdomains through passive and active reconnaissance techniques

Autonomous AI system for generating complete novels from concept to publication-ready manuscript. Executes structured multi-phase workflow with minimal user intervention.

Controls Chrome browser: takes screenshots, clicks buttons, fills forms, downloads images, inspects pages, captures network requests, checks console errors, debugs API issues. Use when: 'screenshot', 'click', 'fill form', 'download image', 'check browser', 'look at screen', 'capture page', 'check for errors', 'debug network', 'API failing', 'console errors'. Provides MCP tool discovery for 70 tabz_* browser automation tools.

- [Relationship to the macOS automation skill](#relationship-to-the-macos-automation-skill)

JXA/AppleScript browser automation is legacy. JavaScript injection is disabled by default in modern Chrome. Modern alternatives: Selenium/ChromeDriver, Puppeteer, PyXA.

- **Standalone for Contacts:** Use this skill for Contacts-specific operations (querying, CRUD, groups).

- Standalone for Excel, but aligned with `automating-mac-apps` patterns.

- [Permissions and scope](#permissions-and-scope)