using-skills
Auto-loaded at session start via SessionStart hook. Teaches skill invocation protocol, tool selection rules (look-at for media, skills for workflows), agent delegation patterns, and enforcement mechanisms. NOT user-triggered - provides foundational skill usage discipline for all sessions.
subagent-driven-development
Use when executing implementation plans with independent tasks in the current session
context-optimization
Guide for managing and optimizing context in Claude Code. Use when experiencing slow responses, context warnings, or planning large tasks. Covers /compact, /clear, context budgeting, subagent delegation, and efficient session workflows.
headless-mode
Guide for using Claude Code programmatically via CLI flags and SDKs. Use for automation, CI/CD pipelines, scripting, and building tools on top of Claude Code. Covers --print mode, output formats, session management, and SDK integration.
context-summary
Use when context window is getting full. Creates a summary file and instructions for starting a new session.
fun-mode
Use when starting a session and wanting creative engagement, or when user says '/fun' or asks for a persona
resume
Restore context and momentum from previous sessions. Uses Pratyabhijñā (recognition) to understand where we were.
checkpoint
Capture a moment of clarity before moving forward. Use before /clear, risky changes, breakthroughs, or session boundaries.
greeting
Generate meaningful session greetings. The soul speaks from accumulated wisdom and current state.
implement-spec
Orchestrate spec-to-PR workflow with session tracking, worktree isolation, and audit trail
context-preservation-protocol-execution
Execute context preservation protocols for session continuity.
cross-session-integrity-check
Verify integrity of context and behavioral calibration across session boundaries.
better-auth
Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications. | Sử dụng khi xác thực, đăng nhập, login, auth, OAuth, session, bảo mật, phiên đăng nhập.
csrf-protection
Implement Cross-Site Request Forgery (CSRF) protection for API routes. Use this skill when you need to protect POST/PUT/DELETE endpoints, implement token validation, prevent cross-site attacks, or secure form submissions. Triggers include "CSRF", "cross-site request forgery", "protect form", "token validation", "withCsrf", "CSRF token", "session fixation".
authentication-authorization-clerk
Implement secure authentication and authorization using Clerk. Use this skill when you need to authenticate users, protect routes, check permissions, implement subscription-based access control, or integrate Clerk with your application. Triggers include "authentication", "auth", "authorization", "Clerk", "protect route", "check user", "sign in", "session", "permissions", "subscription access".
context-saver
Save session context to disk for seamless continuation in new chat sessions. This skill should be used when the user asks to save context, preserve work state, checkpoint progress, or prepare for session handoff. Triggers on "save context", "checkpoint", "save progress", "preserve state", or when explicitly asked to create a context file for later resumption. Optimizes for correctness, completeness, minimal size, and trajectory preservation.
project-spawn
Spawn a new Claude Code session in a project directory with context handoff. This skill should be used when discussion shifts to a different project/repo and the user wants to work on it in a dedicated session. Creates a handoff document with relevant context from the current conversation, then launches a new tmux session with Claude Code ready to continue.
advanced-statusline
Implement AI-powered statusline with session tracking, plan detection, workspace emojis, and intelligent caching for Claude Code
oracle
Best practices for using the oracle CLI (prompt + file bundling, engines, sessions, and file attachment patterns).
Broken Authentication Testing
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
