faysilalshareef/scalar
skills/api/scalar/SKILL.md
Use when configuring Scalar API documentation UI for a .NET project.
$ install --global
skillsauthnpx skillsauth add faysilalshareef/dotnet-ai-kit scalarInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 3:00 AM157.9s1 file scanned
SKILL.md
- name:
- scalar
- description:
- Use when configuring Scalar API documentation UI for a .NET project.
- category:
- api
- agent:
- api-designer
- when_to_use:
- When setting up Scalar API documentation with authentication and theming
Scalar API Documentation
Setup (.NET 9+)
namespace {Company}.{Domain}.Api.Extensions;
public static class OpenApiExtensions
{
public static IServiceCollection AddOpenApiDocumentation(
this IServiceCollection services, IWebHostEnvironment environment)
{
services.AddOpenApi("v1", options =>
{
options.AddDocumentTransformer<BearerSecuritySchemeTransformer>();
});
return services;
}
public static IApplicationBuilder UseOpenApiDocumentation(
this IApplicationBuilder app, IWebHostEnvironment environment)
{
app.MapOpenApi();
app.MapScalarApiReference(options =>
{
options
.WithTitle("{Company} {Domain} API")
.WithTheme(ScalarTheme.BluePlanet)
.WithDefaultHttpClient(ScalarTarget.CSharp, ScalarClient.HttpClient);
});
return app;
}
}
Bearer Security Scheme Transformer
internal sealed class BearerSecuritySchemeTransformer(
IAuthenticationSchemeProvider provider)
: IOpenApiDocumentTransformer
{
public async Task TransformAsync(
OpenApiDocument document,
OpenApiDocumentTransformerContext context,
CancellationToken ct)
{
var schemes = await provider.GetAllSchemesAsync();
if (schemes.Any(s => s.Name == "Bearer"))
{
var requirements = new Dictionary<string, OpenApiSecurityScheme>
{
["Bearer"] = new()
{
Type = SecuritySchemeType.Http,
Scheme = "bearer",
BearerFormat = "JWT"
}
};
document.Components ??= new();
document.Components.SecuritySchemes = requirements;
}
}
}
Basic Auth Protection (Production)
namespace {Company}.Gateways.Common.Scalar;
public sealed class ScalarBasicAuthMiddleware(
RequestDelegate next,
IOptions<ScalarAuthorizationOptions> options)
{
public async Task InvokeAsync(HttpContext context)
{
if (IsLocalRequest(context))
{
await next(context);
return;
}
var authHeader = context.Request.Headers.Authorization.ToString();
if (!ValidateBasicAuth(authHeader, options.Value))
{
context.Response.StatusCode = 401;
context.Response.Headers.WWWAuthenticate = "Basic realm=\"API Docs\"";
return;
}
await next(context);
}
private static bool IsLocalRequest(HttpContext context) =>
IPAddress.IsLoopback(context.Connection.RemoteIpAddress!);
}
Program.cs Integration
builder.Services.AddOpenApiDocumentation(builder.Environment);
var app = builder.Build();
app.UseOpenApiDocumentation(app.Environment);
Anti-Patterns
| Anti-Pattern | Correct Approach |
|---|---|
| Swagger UI for new projects | Use Scalar with MapScalarApiReference |
| Exposing docs without auth | Use ScalarBasicAuthMiddleware |
| Missing Bearer scheme | Add BearerSecuritySchemeTransformer |
Detect Existing Patterns
grep -r "MapScalarApiReference\|AddOpenApi\|MapOpenApi" --include="*.cs"
grep -r "SwaggerUI\|UseSwagger" --include="*.cs" # Legacy check
Adding to Existing Project
- If project uses Swagger, migrate to Scalar (or keep Swagger if team prefers)
- Add
AddOpenApi()in services andMapScalarApiReference()in pipeline - Add
BearerSecuritySchemeTransformerif JWT auth is used
Related Skills
faysilalshareef/verification-gate
data-ai
VerifiedTrustedCommunity
Use when about to claim work is complete, fixed, passing, or ready — before committing, creating PRs, or moving to the next task. Requires running verification commands and confirming output before making any success claims.
2SKILL.mdUpdated Jun 1, 2026
faysilalshareef/systematic-debugging
development
VerifiedTrustedCommunity
Use when encountering any bug, test failure, build error, or unexpected behavior — before proposing fixes or making changes.
2SKILL.mdUpdated Jun 1, 2026
faysilalshareef/session-management
development
VerifiedTrustedCommunity
Use when checkpointing, wrapping up, or handing off an AI-assisted development session.
2SKILL.mdUpdated Jun 1, 2026
faysilalshareef/sdd-lifecycle
development
VerifiedTrustedCommunity
Use when following the Specification-Driven Development lifecycle from plan through ship.
2SKILL.mdUpdated Jun 1, 2026