waynesutton/convex-security-check
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
npx skills add https://github.com/waynesutton/convexskills/tree/main/skills/convex-security-checkQuick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
This repo contains 13 individual skills — each has its own dedicated page.
Prevent feature creep when building software, apps, and AI-powered products. Use this skill when planning features, reviewing scope, building MVPs, managing backlogs, or when a user says "just one more feature." Helps developers and AI agents stay focused, ship faster, and avoid bloated products.
Umbrella skill for all Convex development patterns. Routes to specific skills like convex-functions, convex-realtime, convex-agents, etc.
Building AI agents with the Convex Agent component including thread management, tool integration, streaming responses, RAG patterns, and workflow orchestration
Guidelines for building production-ready Convex apps covering function organization, query patterns, validation, TypeScript usage, error handling, and the Zen of Convex design philosophy
How to create, structure, and publish self-contained Convex components with proper isolation, exports, and dependency management
Scheduled function patterns for background tasks including interval scheduling, cron expressions, job monitoring, retry strategies, and best practices for long-running tasks
Complete file handling including upload flows, serving files via URL, storing generated files from actions, deletion, and accessing file metadata from system tables
Writing queries, mutations, actions, and HTTP actions with proper argument validation, error handling, internal functions, and runtime considerations
External API integration and webhook handling including HTTP endpoint routing, request/response handling, authentication, CORS configuration, and webhook signature validation
Schema migration strategies for evolving applications including adding new fields, backfilling data, removing deprecated fields, index migrations, and zero-downtime migration patterns
Patterns for building reactive apps including subscription management, optimistic updates, cache behavior, and paginated queries with cursor-based loading
Defining and validating database schemas with proper typing, index configuration, optional fields, unions, and migration strategies for schema changes
Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations
Security Scanner for Agent Skills
Active Directory ACL abuse playbook. Use when exploiting misconfigured AD permissions including GenericAll, WriteDACL, DCSync rights, shadow credentials, LAPS reading, GPO abuse, and BloodHound-guided attack paths.
Automate Optimoroute tasks via Rube MCP (Composio). Always search tools first for current schemas.
various things for claude code
Automate AI code quality fixes with an MCP server that runs ESLint, Prettier, and SonarQube checks and reports issues back to AI
传统相术图片分析技能 - 面相、手相、骨相、体相 | Chinese Physiognomy Image Analysis Skill