security-scan
Proactive security scanning. Triggers when modifying auth, API endpoints, user data, or sensitive operations.
| name | security-scan |
| description | Proactive security scanning. Triggers when modifying auth, API endpoints, user data, or sensitive operations. |
Automatically scans for security issues when security-sensitive code is modified.
This skill should activate when:
```bash
# Run security scan
cd backend && make security-scan

# Check for vulnerabilities
cd backend && make vuln-check

# Check npm vulnerabilities
cd web && npm audit

# Check for secrets
grep -r "api_key\|secret\|password" web/src/
```
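A tighter version of the secrets check above, as an added example (not part of this skill or the project's Makefile): it keeps the same three keywords but reports only lines where one of them is assigned a quoted literal of eight or more characters, and it skips `node_modules` and `dist`. The function name `scan_secrets`, the pattern, and the excluded directories are assumptions.

```shell
#!/bin/sh
# Added example: narrows the keyword grep to likely hardcoded values.
# Assumed names: SECRET_RE, scan_secrets. Excluded dirs are assumptions too.

# Keyword (optionally with a suffix such as _prod), then ':' or '=',
# then a quoted literal of at least 8 characters. Lookups such as
# process.env.DB_PASSWORD and plain UI text do not match.
SECRET_RE="(api_key|secret|password)[A-Za-z0-9_]*[\"']?[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']"

# scan_secrets [DIR]
# Prints file:line:text for every hit.
# Returns 1 when hits exist, 0 when the tree is clean, 2 when grep itself
# failed (for example, DIR is missing), so it can gate a CI step.
scan_secrets() {
  grep_rc=0
  grep -rEnI -i \
       --exclude-dir=node_modules --exclude-dir=dist \
       -e "$SECRET_RE" "${1:-web/src}" || grep_rc=$?
  case $grep_rc in
    0) return 1 ;;   # matches were printed
    1) return 0 ;;   # no matches
    *) return 2 ;;   # grep error
  esac
}
```

Run it as `scan_secrets web/src`; a non-zero exit status means the output needs review before the change ships.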
## Security Scan Results
### Critical Vulnerabilities
- [Immediate action required]
### High Risk Issues
- [Should be fixed before deploy]
### Medium Risk Issues
- [Should be addressed soon]
### Recommendations
- [Security best practices]
See docs/SECURITY.md for detailed security requirements.