Skip to main content
Run any Skill in Manus
with one click
afu-it
GitHub creator profile

afu-it

Repository-level view of 41 collected skills across 6 GitHub repositories.

skills collected
41
repositories
6
updated
2026-06-09
repository explorer

Repositories and representative skills

access-control-patterns
software-developers

Enterprise-grade access control patterns to prevent broken access control, IDOR, tenant data leaks, privilege escalation, and admin route exposure. Covers RBAC, ABAC, ownership checks, multi-tenant scoping, policy middleware, row-level security, and audit logging for Node.js, Cloudflare Workers, Laravel, and Python. Use when protecting routes, implementing roles, reviewing authorization, or fixing OWASP A01 findings.

2026-05-28
audit-logging-workers
software-developers

Add structured audit logging with immutable R2 storage to Cloudflare Workers. Creates a typed audit utility, instruments all API routes, deploys a tail worker for persistent log storage, and configures R2 bucket lock for tamper-resistance. Use when adding logging, audit trails, or PDPA compliance to a Cloudflare Workers project.

2026-05-28
auth-hardening
software-developers

Harden authentication systems against session fixation, brute-force attacks, and weak password storage. Covers bcrypt/argon2 hashing, JWT best practices, session management, and account lockout. Use when implementing login, fixing auth vulnerabilities, or reviewing authentication code.

2026-05-28
ci-security-gates
software-developers

Add CodeQL SAST, Gitleaks secret scanning, and dependency audit to any CI/CD pipeline. Blocks deployment if vulnerabilities or secrets are detected. Covers GitHub Actions, GitLab CI, and generic pipelines. Use when setting up CI security, adding SAST, preventing secret leaks, or hardening deployment pipelines.

2026-05-28
cors-configuration
software-developers

Configure CORS correctly to prevent credential leaks and unauthorized cross-origin access. Covers Express, Next.js, Cloudflare Workers, Laravel, and FastAPI. Use when setting up CORS, fixing preflight errors, or auditing cross-origin policies.

2026-05-28
data-encryption
software-developers

Encrypt personal data at rest and in transit to comply with PDPA 2024. Covers field-level encryption for PII, AES-256-GCM patterns, key management, and database column encryption for Node.js, Python, Laravel, and Cloudflare Workers. Use when storing sensitive user data, implementing encryption, or responding to PDPA compliance requirements.

2026-05-28
dependency-lockfile-audit
information-security-analysts

Detect typosquatting, malicious packages, and lockfile tampering in npm, pip, and composer dependencies. Covers lockfile integrity verification, known-malicious package detection, and supply chain attack prevention. Use when auditing dependencies, investigating suspicious packages, or hardening the supply chain.

2026-05-28
error-handling-security
software-developers

Prevent information leakage through error messages. Covers sanitized error responses, structured error handling, no stack traces in production, and safe logging patterns for Express, Next.js, Cloudflare Workers, Laravel, and FastAPI. Use when fixing verbose errors, implementing error handlers, or preventing stack trace leaks.

2026-05-28
Showing top 8 of 17 collected skills in this repository.
setup-stripe-malaysia
software-developers

Set up, build, debug, review, and explain Stripe payment gateway integrations for Malaysia. Use when working with Stripe Checkout Sessions, Payment Intents, Payment Links, Elements, webhooks, Stripe.js, Stripe CLI, refunds, sandbox/live setup, MYR payments, cards, FPX, GrabPay, and production readiness.

2026-05-25
setup-hitpay
software-developers

Set up, build, debug, review, and explain HitPay payment integrations using official HitPay docs, Payment Request API, hosted checkout, Drop-In UI, webhooks, HMAC-SHA256 signatures, sandbox/live setup, API keys, webhook salt, payment methods, plugins, refunds, recurring billing, payouts, platform APIs, and status page checks. Use when working with HitPay Malaysia, FPX, DuitNow, Touch 'n Go, cards, e-wallets, QR payments, Payment Links, API checkout, webhook settlement, refunds, or production readiness.

2026-05-25
setup-billplz
software-developers

Set up, build, debug, review, and explain Billplz payment integrations using Billplz API docs, help center, GitHub plugins, status pages, payment collections, payment forms, Payment Order payouts, X Signature callbacks/redirects, V5 checksums, sandbox/live setup, API Secret Key, Collection ID, and X Signature Key.

2026-05-25
setup-senangpay
software-developers

Set up, build, debug, review, and explain senangPay payment integrations using official senangPay guide pages, Manual Integration API, Direct API, callbacks, return URLs, query status APIs, refund API, sandbox/live setup, Merchant ID, Secret Key, Hash Type, shopping cart plugins, e-commerce integrations, recurring payments, payout API, tokenisation, split settlements, and DOKU migration references. Use when working with senangPay hosted checkout, payment forms, callbacks, SHA256/MD5 hash verification, Direct API client sessions, JavaScript Web SDK, FPX bank lists, refunds, package capabilities, sandbox testing, or senangPay dashboard setup.

2026-05-24
setup-fiuu
software-developers

Set up, build, debug, review, and explain Fiuu payment integrations using official Fiuu API specs, Seamless Integration, Inpage Checkout, Mobile XDK, SDKs, and shopping cart plugin references. Use when working with Fiuu hosted payment pages, payment requests, vcode/skey verification, Return URL, Notify/Notification URL, Callback URL, IPN ACK/retry behavior, payment status requery, refunds, captures, recurring/token payments, channel status, mobile Flutter/Android/iOS/React Native XDK, JavaScript Seamless Integration, Inpage Checkout, WooCommerce, Magento, OpenCart, WHMCS, Shopify, or Fiuu account/dashboard setup.

2026-05-24
malaysia-payment-gateway
software-developers

Build, debug, review, and explain Malaysia payment gateway integrations. Use when implementing checkout, payment links, hosted payment pages, redirects, callbacks, webhooks, HMAC/signature verification, idempotent settlement, paid-access unlocking, refunds, reconciliation, sandbox/live setup, or provider switching for Malaysian gateways such as CHIP Collect, Curlec/Razorpay, Xendit Malaysia, Bayarcash, BCL Pay, toyyibPay, Billplz, FPX, DuitNow QR, cards, or e-wallets.

2026-05-24
setup-bayarcash
software-developers

Set up, build, debug, and explain Bayarcash payment integrations using Bayarcash API docs, Web Impian API docs, Bayarcash PHP SDK, WordPress plugins, Boost.space integration links, and Bayarcash MCP server references. Use when working with Bayarcash API v2/v3, payment intents, FPX banks, DuitNow banks or wallets, portals, payment channels, callbacks/webhooks, checksums, transaction lookups, direct debit/e-Mandate flows, enterprise partner merchant/payout APIs, Laravel/PHP SDK usage, WordPress Bayarcash integrations, or Bayarcash MCP tooling.

2026-05-24
setup-bcl
software-developers

Set up, build, debug, review, and explain BCL payment gateway, BCL Pay, BCL Payment Link, BCL QR Terminal, BCL Forms, Bayarcash-linked setup, portal keys, transactions, webhooks, direct debit forms, client info, payment redirects, and BCL operating procedures using BCL docs.

2026-05-24
Showing top 8 of 12 collected skills in this repository.
safe-code
software-developers

Use when asked to run a full repo hygiene pass, full cleanup, or to maintain a repo in one go — and whenever the user invokes /safe-code or any wrapper of it (/skill:safe-code, /skills safe-code, $safe-code, @safe-code, or bare safe-code), including --continue to resume saved work and --save to finalize docs and commit. Also use for first-time project setup, restoring project context or session memory, dead-code audits, or agent-config trust checks.

2026-06-09
codebase-pruner
software-developers

Scan an entire codebase to detect and safely remove dead code such as unused functions, orphaned modules, unreferenced exports, stale configs, dead routes, and leftover workflow artifacts. Use when asked to clean up dead code, remove unused code, prune stale files, find orphaned modules, audit codebase bloat, or delete code left behind after a workflow or architecture change.

2026-06-09
safe-refactor-code
software-developers

Refactor code safely in small verified slices while keeping repo continuity docs in sync. Uses code-review graph tools for rename previews, impact radius, affected flows, and post-change review when available. Use when an agent is asked to refactor, restructure, clean up, remove or replace code, modernize modules, or do follow-up hygiene in a repo.

2026-06-09
senior-dev
software-developers

Senior engineer discipline layer for any coding task. Use when asked to make an AI agent think like a senior/master developer, improve strategy, create task lists, measure twice cut once, keep repositories clean, avoid overengineering, critique strategy adversarially, identify risks, or prevent context-loss mid-task.

2026-06-09
explore-codebase
software-developers

Navigate and understand codebase structure using the code-review graph. Use for repo orientation, AGENTS.md authoring, architecture mapping, or finding relevant code.

2026-06-01
build-graph
software-developers

Build or update the code review knowledge graph. Use before safe-code audits, refactors, reviews, debugging, or when the graph may be stale.

2026-05-09
debug-issue
software-developers

Systematically debug issues using graph-powered code navigation, recent-change detection, affected flows, and targeted verification.

2026-05-09
review-changes
software-quality-assurance-analysts-and-testers

Review working-tree, branch, or PR changes using graph change detection, blast-radius analysis, affected flows, and test coverage checks.

2026-05-09
Showing 6 of 6 repositories
All repositories loaded