NextAuth.js v5 configuration and customization patterns. Provides provider configuration, adapter integration, session strategies, callback customization, and type safety. 📖 Reference book: - 'Web Application Security' (Andrew Hoffman): threat modeling 📚 Resource references: - `resources/Level1_basics.md`: Level 1 basics guide - `resources/Level2_intermediate.md`: Level 2 practical guide - `resources/Level3_advanced.md`: Level 3 advanced guide - `resources/Level4_expert.md`: Level 4 expert guide - `resources/legacy-skill.md`: full text of the previous SKILL.md - `resources/provider-configurations.md`: NextAuth.js Provider Configurations - `resources/session-callbacks-guide.md`: NextAuth.js Session Callbacks Guide - `scripts/log_usage.mjs`: usage logging and automatic evaluation script - `scripts/validate-nextauth-config.mjs`: script that validates NextAuth.js configuration files and inspects provider settings and callback implementations - `scripts/validate-skill.mjs`: skill structure validation script - `templates/nextauth-config-template.ts`: auth.ts configuration template covering Google/GitHub OAuth integration, the Drizzle adapter, and JWT/Database session strategies. Use proactively when handling nextauth patterns tasks.
Security measures for file-watching systems and safe operating patterns in production environments. Provides a layered defense design based on the principle of least privilege, Defense in Depth, and Fail-Safe Defaults. Areas of expertise: 📖 Reference book: - 'Web Application Security' (Andrew Hoffman): threat modeling 📚 Resource references: - `resources/Level1_basics.md`: Level 1 basics guide - `resources/Level2_intermediate.md`: Level 2 practical guide - `resources/Level3_advanced.md`: Level 3 advanced guide - `resources/Level4_expert.md`: Level 4 expert guide - `resources/legacy-skill.md`: full text of the previous SKILL.md - `resources/threat-model.md`: detailed threat-model guide - `scripts/log_usage.mjs`: usage logging and automatic evaluation script - `scripts/security-audit.sh`: security audit script - `scripts/validate-skill.mjs`: skill structure validation script - `templates/secure-watcher.ts`: secure-watcher template - `resources/requirements-index.md`: index of requirement specifications (kept in sync with docs/00-requirements) Use proactively when handling file watcher security tasks.
Provides security evaluation criteria and best practices for authentication and authorization mechanisms. Based on Bruce Schneier's 'Secrets and Lies' and the OAuth 2.0 specification, it provides comprehensive evaluation criteria and implementation guidance for authentication mechanisms, session management, access control, and JWT/token security. When to use: - when reviewing the security of an authentication system - when evaluating an OAuth/OpenID Connect implementation - when designing session management and token security - when evaluating an access control (RBAC/ABAC) implementation - when verifying JWT signature algorithms and token management. Use this skill when reviewing authentication code, designing authorization systems, or validating token security implementations. 📚 Resource references: This skill includes the following resources. Refer to the relevant resource as needed: - `.claude/skills/authentication-authorization-security/resources/access-control-models.md`: detailed comparison of the RBAC/ABAC/ACL access control models and criteria for choosing between them - `.claude/skills/authentication-authorization-security/resources/jwt-security-checklist.md`: JWT signature algorithm selection and token security verification items - `.claude/skills/authentication-authorization-security/resources/oauth2-flow-comparison.md`: decision tree for selecting an OAuth 2.0 flow (Authorization Code, PKCE, etc.) - `.claude/skills/authentication-authorization-security/resources/password-hashing-guide.md`: configuration and implementation guide for the bcrypt/argon2/scrypt hashing algorithms - `.claude/skills/authenti
Automated service deployment with validation, templating, and verification - use when deploying new services, updating existing deployments, or troubleshooting deployment issues
Manages authentication flow for MutuaPIX (Laravel Sanctum + Next.js), handles mock mode security, and validates environment configurations
Secrets management skill based on Zero Trust Security principles. 📚 Resource references: This skill includes the following resources. Refer to the relevant resource as needed: - `.claude/skills/zero-trust-security/resources/continuous-verification-implementation.md`: Continuous Verification Implementation resource - `.claude/skills/zero-trust-security/resources/jit-access-patterns.md`: JIT Access Patterns resource - `.claude/skills/zero-trust-security/resources/rbac-implementation.md`: RBAC Implementation resource - `.claude/skills/zero-trust-security/templates/access-policy-template.yaml`: Access Policy template
Manage architectural decisions and insights in memory.jsonl. Use when you need to document strategic decisions, lessons learned, fixed problems, or architectural insights.
Senior Next.js 15+/16 Engineer skill for App Router. Use when scaffolding production apps, enforcing RSC patterns, auditing codebases, or optimizing performance.
Implement production-ready features across database, backend, and frontend layers with incremental phased approach
Evaluate, score, and improve existing skills under .codex/skills. Applies when the user asks to review, optimize, or refactor skills.
This skill enables Claude to conduct a security-focused code review using the security-agent plugin. It analyzes code for potential vulnerabilities like SQL injection, XSS, authentication flaws, and insecure dependencies. Claude uses this skill when the user explicitly requests a security audit, asks for a code review with a focus on security, or mentions security concerns related to code. The security-agent plugin then provides structured security findings with severity ratings, code locations, impact assessments, and remediation guidance.
Comprehensive security vulnerability analysis for codebases and infrastructure. Scans dependencies (npm, pip, gem, go, cargo), containers (Docker, Kubernetes), cloud IaC (Terraform, CloudFormation), and detects secrets exposure. Fetches live CVE data from OSV.dev, calculates risk scores, and generates phased remediation plans with TDD validation tests. Use when users mention security scan, vulnerability, CVE, exploit, security audit, penetration test, OWASP, hardening, dependency audit, container security, or want to improve security posture.
This skill should be used when the user asks to "generate audit logs", "create HIPAA audit trail", "log healthcare events", "configure audit logging", "track PHI access", "maintain compliance logs", "audit log format", "healthcare event logging", "access control logging", "authentication logging", "HIPAA logging requirements", or mentions HIPAA audit trails, healthcare event logging, compliance logging, PHI access tracking, authentication auditing, or §164.312(b) logging requirements.
Stacks blockchain development intelligence for Codex.
Runbook for working in the AGILab repo (uv, Streamlit, run configs, packaging, troubleshooting).
Get details about a specific eval run. Requires authentication. Use for Agentuity cloud platform operations
This skill should be used when the user asks to "scan for PHI", "detect PII", "HIPAA compliance check", "audit for protected health information", "find sensitive healthcare data", "generate HIPAA audit report", "check code for PHI leakage", "scan logs for PHI", "check authentication on PHI endpoints", "scan FHIR resources", "check HL7 messages", or mentions PHI detection, HIPAA compliance, healthcare data privacy, medical record security, logging PHI violations, authentication checks for health data, or healthcare data formats (FHIR, HL7, CDA).
Detects non-functional "theater" code that appears complete but doesn't actually work. Use this skill to identify code that looks correct in static analysis but fails during execution, preventing fake implementations from reaching production. Scans for suspicious patterns, validates actual functionality, and reports findings with recommendations.