تشغيل أي مهارة في Manus
بنقرة واحدة
بنقرة واحدة
تشغيل أي مهارة في Manus بنقرة واحدة
ابدأ الآنsecurity
Secret hygiene, CSP, CSRF, webhook HMAC, session encryption.
النجوم٠
التفرعات٠
آخر تحديث٢٤ أبريل ٢٠٢٦ في ٢٢:٠٩
SKILL.md
readonly
أمر التثبيت
تنزيل
القائمة
Secret hygiene, CSP, CSRF, webhook HMAC, session encryption.
How to move an app component into the headless @jasonyangcis/core-ui library — headless conversion, cross-repo file checklist, treeshake sentinel, changeset, consumer wiring.
How to wire a new Builder.io-rendered route or model — fetch helper, route, registry, config.
Pattern for adding a server Route Handler under app/api/** — origin check, zod body, server-only deps, safe responses.
Builder.io Gen-2 SDK patterns — fetch, render, register, model guard, preview.
Tokens, cn(), focus rings, shadcn/ui (new-york), insert-menu groups.
TS strict, four-file folder pattern, import boundaries, no console.
| name | security |
| description | Secret hygiene, CSP, CSRF, webhook HMAC, session encryption. |
NEXT_PUBLIC_* reaches the browser.lib/env.ts (zod). Boot fails on invalid envs.Origin matches APP_ORIGIN via verifySameOrigin.crypto.timingSafeEqual on the raw body.HttpOnly, Secure (prod), SameSite=Lax, signed/encrypted with SESSION_SECRET./preview. Headers set in proxy.ts.utils/sanitize-html.ts. No dangerouslySetInnerHTML outside that helper.