一键导入
fhir-api-client-security
Security review for plugins acting as FHIR API clients - token management, scope validation, and patient-scoped authorization
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security review for plugins acting as FHIR API clients - token management, scope validation, and patient-scoped authorization
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Canvas SDK reference and documentation. Use whenever a question, claim, or piece of code touches Canvas SDK capabilities, API usage, implementation patterns, or testing — including quick conversational questions ("how do I ingest ADTs?", "what's the import for X?", "does Canvas support Y?"). The bundled docs are the source of truth; do not answer Canvas SDK questions from memory.
FHIR API reference and documentation for Canvas plugins that need to read or write data via FHIR endpoints
This skill should be used when the user asks to "write tests", "create tests", "generate tests", "unit tests", "pytest", "test guidelines", "testing rules", "test standards", "how to test", "test this code", "add tests", "validate tests", "check tests", "improve tests", or when working with Python test files. Provides comprehensive guidelines for creating pytest unit tests with 100% coverage following strict naming conventions, mock patterns, and parametrization standards.
Custom Data anti-patterns and corrections for Canvas plugins - unnecessary compatibility checks, misuse of AttributeHubs vs CustomModels
Database query optimization for Canvas plugins - N+1 detection, prefetch_related, select_related
Unit test authoring and coverage checking for Canvas plugins
| name | fhir-api-client-security |
| description | Security review for plugins acting as FHIR API clients - token management, scope validation, and patient-scoped authorization |
This skill provides security review guidelines for Canvas plugins that act as FHIR API clients. Use it to audit token management, scope usage, and patient-scoped authorization when your plugin calls Canvas FHIR APIs or external FHIR endpoints.
Use this skill when:
Http() to call FHIR APIsPatient.objects, etc.)Reference the fhir_client_context.txt file for detailed patterns including: