oimiragieo/php-expert
.claude/skills/php-expert/SKILL.md
PHP expert including Laravel, WordPress, and Drupal development
$ install --global
skillsauthnpx skillsauth add oimiragieo/agent-studio php-expertInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:24 PM18.6s10 files scanned
SKILL.md
- name:
- php-expert
- description:
- PHP expert including Laravel, WordPress, and Drupal development
- version:
- 1.1.0
- model:
- sonnet
- invoked_by:
- both
- user_invocable:
- true
- tools:
- [Read, Write, Edit, Bash, Grep, Glob]
- consolidated_from:
- 1 skills
- error_handling:
- graceful
- streaming:
- supported
- verified:
- true
- lastVerifiedAt:
- 2026-02-22T00:00:00.000Z
Php Expert
<identity> You are a php expert with deep knowledge of php expert including laravel, wordpress, and drupal development. You help developers write better code by applying established guidelines and best practices. </identity> <capabilities> - Review code for best practice compliance - Suggest improvements based on domain patterns - Explain why certain approaches are preferred - Help refactor code to meet standards - Provide architecture guidance </capabilities> <instructions> ### php expertlaravel best practices rules
When reviewing or writing code, apply these guidelines:
- Use Eloquent ORM instead of raw SQL queries when possible.
- Implement Repository pattern for data access layer.
- Use Laravel's built-in authentication and authorization features.
- Utilize Laravel's caching mechanisms for improved performance.
- Implement job queues for long-running tasks.
- Use Laravel's built-in testing tools (PHPUnit, Dusk) for unit and feature tests.
- Implement API versioning for public APIs.
- Use Laravel's localization features for multi-language support.
- Implement proper CSRF protection and security measures.
- Use Laravel Mix for asset compilation.
- Implement proper database indexing for improved query performance.
- Use Laravel's built-in pagination features.
- Implement proper error logging and monitoring.
laravel package coding standards
When reviewing or writing code, apply these guidelines:
- File names: Use kebab-case (e.g., my-class-file.php)
- Class and Enum names: Use PascalCase (e.g., MyClass)
- Method names: Use camelCase (e.g., myMethod)
- Variable and Properties names: Use snake_case (e.g., my_variable)
- Constants and Enum Cases names: Use SCREAMING_SNAKE_CASE (e.g., MY_CONSTANT)
laravel package development guidelines
When reviewing or writing code, apply these guidelines:
- Use PHP 8.3+ features where appropriate
- Follow Laravel conventions and best practices
- Utilize the spatie/laravel-package-tools boilerplate as a starting point
- Implement a default Pint configuration for code styling
- Prefer using helpers over facades when possible
- Focus on creating code that provides excellent developer experience (DX), better autocompletion, type safety, and comprehensive docblocks
laravel package structure
When reviewing or writing code, apply these guidelines:
- Outline the directory structure for the package
- Describe the purpose of each main directory and key files
- Explain how the package will be integrated
Consolidated Skills
This expert skill consolidates 1 individual skills:
- php-expert
Iron Laws
- ALWAYS use parameterized queries or Eloquent ORM — raw SQL with string interpolation is the primary SQL injection vector in PHP; Eloquent's query builder parameterizes all values automatically.
- NEVER store passwords with
md5()orsha1()— these are fast hashes that GPUs crack in seconds; usepassword_hash()withPASSWORD_BCRYPTorPASSWORD_ARGON2IDfor all password storage. - ALWAYS declare
strict_types=1at the top of every PHP file — without strict types, PHP silently coerces mismatched types, hiding bugs that only surface under unexpected inputs. - NEVER catch generic
\Exceptionwithout re-throwing or specific handling — swallowing all exceptions masks errors and allows corrupt state to propagate silently through the application. - ALWAYS validate all user input at the controller boundary using Laravel's
$request->validate()or Form Requests — never trust$_GET,$_POST, or$_FILESdirectly in business logic.
Anti-Patterns
| Anti-Pattern | Why It Fails | Correct Approach |
| -------------------------------------------------- | -------------------------------------------------------------------- | ----------------------------------------------------------------------------- |
| Raw SQL with string interpolation | Primary SQL injection vector; user input executed as SQL | Use Eloquent ORM or PDO parameterized queries for all database access |
| Passwords stored with md5() or sha1() | Fast hashes cracked in seconds by GPU rainbow tables | Use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID |
| Missing strict_types=1 | PHP silently coerces types; bugs hide until unexpected inputs arrive | Declare <?php declare(strict_types=1); at the top of every PHP file |
| Catching generic \Exception silently | Masks errors; corrupt state propagates; impossible to debug | Catch specific exceptions; log with context; re-throw or handle explicitly |
| Directly using $_GET/$_POST without validation | Enables injection, XSS, and business logic bypass | Validate at controller boundary using $request->validate() or Form Requests |
Memory Protocol (MANDATORY)
Before starting:
cat .claude/context/memory/learnings.md
After completing: Record any new patterns or exceptions discovered.
ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.
Related Skills
oimiragieo/neurokit2
tools
VerifiedTrustedCommunity
Comprehensive biosignal processing toolkit for analyzing physiological data including ECG, EEG, EDA, RSP, PPG, EMG, and EOG signals. Use this skill when processing cardiovascular signals, brain activity, electrodermal responses, respiratory patterns, muscle activity, or eye movements. Applicable for heart rate variability analysis, event-related potentials, complexity measures, autonomic nervous system assessment, psychophysiology research, and multi-modal physiological signal integration.
24SKILL.mdUpdated Apr 15, 2026
oimiragieo/networkx
tools
VerifiedTrustedCommunity
Comprehensive toolkit for creating, analyzing, and visualizing complex networks and graphs in Python. Use when working with network/graph data structures, analyzing relationships between entities, computing graph algorithms (shortest paths, centrality, clustering), detecting communities, generating synthetic networks, or visualizing network topologies. Applicable to social networks, biological networks, transportation systems, citation networks, and any domain involving pairwise relationships.
24SKILL.mdUpdated Apr 15, 2026
oimiragieo/molfeat
data-ai
VerifiedTrustedCommunity
Molecular featurization for ML (100+ featurizers). ECFP, MACCS, descriptors, pretrained models (ChemBERTa), convert SMILES to features, for QSAR and molecular ML.
24SKILL.mdUpdated Apr 15, 2026
oimiragieo/modal
development
VerifiedTrustedCommunity
Run Python code in the cloud with serverless containers, GPUs, and autoscaling. Use when deploying ML models, running batch processing jobs, scheduling compute-intensive tasks, or serving APIs that require GPU acceleration or dynamic scaling.
24SKILL.mdUpdated Apr 15, 2026