Authentication

x-api helps you work with the X/Twitter API for posting, reading timelines, search, and basic analytics. It guides auth choices, endpoint selection, and request shape for API Development tasks, including bearer-token reads and OAuth 1.0a write flows.

springboot-security is a practical Spring Boot security guide for authentication, authorization, validation, CSRF/CORS, secrets, headers, rate limiting, and dependency checks. Use the springboot-security skill for Security Audit work or to harden a Java service with fewer security misconfiguration risks.

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

The laravel-security skill is a practical Laravel security checklist for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment. Use it for audits, feature reviews, and hardening work in Laravel apps.

kotlin-ktor-patterns helps you build or refactor Ktor backends with routing DSL, plugins, authentication, Koin DI, kotlinx.serialization, WebSockets, and testApplication testing. Use this kotlin-ktor-patterns guide for maintainable Backend Development and clearer server structure.

The exploiting-jwt-algorithm-confusion-attack skill helps Security Audit workflows test JWT algorithm confusion, including RS256-to-HS256 downgrades, alg:none bypasses, and kid/jku/x5u header tricks. It is backed by a practical guide, reference examples, and a script for repeatable validation.

firebase-apk-scanner is a focused security audit skill for Android APKs that checks Firebase-backed apps for open databases, storage exposure, weak authentication, and unauthenticated Cloud Functions. Use it for authorized Firebase security audits when you need install-and-usage guidance and a clear path from APK review to validated findings.

azure-identity-ts helps TypeScript apps authenticate to Azure services with @azure/identity. Use this skill to choose the right credential for local development, production, CI/CD, managed identity, service principals, workload identity, or browser login. It is especially useful for Backend Development and clear azure-identity-ts guide workflows.

fastapi-router-py is a FastAPI routing scaffold for CRUD endpoints, auth dependencies, response models, and HTTP status codes. It helps Backend Development teams create consistent routers from a template instead of hand-writing each endpoint. Use it when you need predictable structure, reusable patterns, and less guesswork for new REST resources.

azure-keyvault-py is a Python Azure Key Vault skill for secrets, keys, and certificates. It helps backend development teams choose the right client, install the right packages, configure Azure credentials and environment variables, and follow a practical azure-keyvault-py guide for secure runtime access.

azure-identity-py helps set up Azure authentication in Python with Microsoft Entra ID. Use it to choose DefaultAzureCredential, managed identity, or service principal auth, configure environment variables, and troubleshoot access control and credential chain issues. Install guidance, usage patterns, and practical setup notes are based on the repo skill file.

azure-communication-common-java is a Java skill for Azure Communication Services shared authentication and identifiers. Use it for CommunicationTokenCredential, token refresh, and backend development with Chat, Calling, or other ACS clients. It includes install guidance, examples, and a practical azure-communication-common-java guide.

azure-identity-dotnet is a Microsoft Entra ID authentication skill for .NET Azure SDK clients. It covers DefaultAzureCredential, managed identity, service principals, and developer credentials, with guidance for install and usage in backend services, ASP.NET Core apps, and automation.

oauth helps you implement and troubleshoot OAuth 2.0/2.1 in Fastify apps for login, access tokens, PKCE, refresh tokens, and route protection. Use it as an oauth guide for backend development when you need practical oauth usage, install steps, and help resolving redirect URI, scope, CSRF, or token validation issues.

detecting-anomalous-authentication-patterns helps analyze authentication logs for impossible travel, brute force, password spraying, credential stuffing, and compromised-account activity. Built for Security Audit, SOC, IAM, and incident response workflows with baseline-aware detection and evidence-backed sign-in analysis.

The configuring-oauth2-authorization-flow skill helps you design and validate OAuth 2.0 authorization setups for Access Control, with Authorization Code + PKCE, Client Credentials, and Device Authorization Grant. Use this configuring-oauth2-authorization-flow guide to choose grants, set redirect URIs, review scopes, and align with OAuth 2.1 best practices.

configuring-ldap-security-hardening helps security engineers and auditors assess LDAP risks, including anonymous bind, weak signing, missing LDAPS, and channel binding gaps. Use this configuring-ldap-security-hardening guide to review the reference docs, run the Python audit helper, and produce practical remediation for a Security Audit.

building-identity-governance-lifecycle-process helps design identity governance and lifecycle management for joiner-mover-leaver automation, access reviews, role-based provisioning, and orphaned account cleanup. It fits cross-system Access Control programs that need practical workflow guidance, not a generic policy draft.

security skill for OWASP patterns, secrets management, and security testing. Use it to review auth, user input, API keys, env vars, and repo hygiene, especially for Security Audit work.

setup-browser-cookies helps an agent import cookies from a real Chromium browser into a headless session. It supports authenticated QA and browser automation by reusing an existing login state, with an interactive domain picker to control which cookies are imported. Use it when you need setup-browser-cookies usage for logged-in pages, not a fresh credential flow.

azure-identity-rust helps Rust apps authenticate to Azure SDK clients with Microsoft Entra ID. This skill covers install, usage, and credential selection for backend development, local workflows, managed identity, and service principal auth. It also helps avoid deprecated azure_sdk_* crates and use official azure_* crates correctly.

azure-identity-java helps Java backend developers use Microsoft Entra ID authentication with Azure SDK clients. Learn the right credential for local dev, CI/CD, and Azure-hosted apps, including DefaultAzureCredential, managed identity, and service principal patterns.

entra-agent-id is a Microsoft Entra Agent ID preview skill for backend development teams building OAuth2-capable AI agent identities with Graph beta. It covers blueprint setup, blueprint principals, agent identities, permissions, sponsors, workload identity federation, and sidecar-based auth. Use it to understand entra-agent-id install, usage, and rollout constraints.