Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

tim-hub/auth

Name: auth
Author: tim-hub

personal/skills/auth/SKILL.md

npx skillsauth add tim-hub/powerball auth

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Auth Skills

A collection of skills responsible for implementing authentication and payment features.

Feature Details

| Feature | Details | |---------|--------| | Authentication | See references/authentication.md | | Payments | See references/payments.md |

Execution Steps

Quality Gate (Step 0)
Classify the user's request (authentication or payments)
Read the appropriate reference file from "Feature Details" above
Implement according to its contents

Step 0: Quality Gate (Security Checklist)

Authentication and payment features always carry high security risk. Always display the following before starting work:

🔐 Security Checklist

This work is security-critical. Please verify the following:

### Authentication
- [ ] Passwords are hashed (bcrypt/argon2)
- [ ] Session management is secure (HTTPOnly Cookie)
- [ ] CSRF protection is implemented
- [ ] Rate limiting (brute-force protection)

### Payments
- [ ] Sensitive information (card numbers, etc.) is not stored on the server
- [ ] Stripe/payment provider SDK is used correctly
- [ ] Webhook signature verification
- [ ] Amount tampering prevention (amounts finalized server-side)

### Common
- [ ] Error messages are not too detailed (prevent information leakage)
- [ ] Sensitive information is not logged

Security Severity Display

⚠️ Severity Level: 🔴 High

This feature carries the following risks:
- Credential leakage
- Unauthorized access
- Fraudulent payment operations

Expert review is recommended.

For VibeCoders

🔐 Building Login & Payment Features Safely

1. **Hash passwords**
   - Store passwords in an irreversible form
   - Data remains safe even if it leaks

2. **Do not store card information on your server**
   - Delegate to dedicated services like Stripe
   - Store nothing on your own server

3. **Keep error messages vague**
   - Use "Authentication failed" instead of "Wrong password"
   - Do not give hints to malicious actors

tim-hub/auth

personal/skills/auth/SKILL.md

Implements authentication, OAuth, sessions, payments, and billing. Use when adding auth flows, route protection, RBAC, or payment webhooks.

2 stars

development

Updated May 19, 2026

$ install --global

skillsauth

npx skillsauth add tim-hub/powerball auth

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 19, 2026, 6:06 AM157.1s3 files scanned

SKILL.md

name:: auth
description:: Implements authentication, OAuth, sessions, payments, and billing. Use when adding auth flows, route protection, RBAC, or payment webhooks.
when_to_use:: authentication, OAuth, login, signup, payments, Stripe, billing, subscriptions, route protection, RBAC
allowed-tools:: ["Read", "Write", "Edit", "Bash"]
user-invocable:: false

Auth Skills

A collection of skills responsible for implementing authentication and payment features.

Feature Details

| Feature | Details | |---------|--------| | Authentication | See references/authentication.md | | Payments | See references/payments.md |

Execution Steps

Quality Gate (Step 0)
Classify the user's request (authentication or payments)
Read the appropriate reference file from "Feature Details" above
Implement according to its contents

Step 0: Quality Gate (Security Checklist)

Authentication and payment features always carry high security risk. Always display the following before starting work:

🔐 Security Checklist

This work is security-critical. Please verify the following:

### Authentication
- [ ] Passwords are hashed (bcrypt/argon2)
- [ ] Session management is secure (HTTPOnly Cookie)
- [ ] CSRF protection is implemented
- [ ] Rate limiting (brute-force protection)

### Payments
- [ ] Sensitive information (card numbers, etc.) is not stored on the server
- [ ] Stripe/payment provider SDK is used correctly
- [ ] Webhook signature verification
- [ ] Amount tampering prevention (amounts finalized server-side)

### Common
- [ ] Error messages are not too detailed (prevent information leakage)
- [ ] Sensitive information is not logged

Security Severity Display

⚠️ Severity Level: 🔴 High

This feature carries the following risks:
- Credential leakage
- Unauthorized access
- Fraudulent payment operations

Expert review is recommended.

For VibeCoders

🔐 Building Login & Payment Features Safely

1. **Hash passwords**
   - Store passwords in an irreversible form
   - Data remains safe even if it leaks

2. **Do not store card information on your server**
   - Delegate to dedicated services like Stripe
   - Store nothing on your own server

3. **Keep error messages vague**
   - Use "Authentication failed" instead of "Wrong password"
   - Do not give hints to malicious actors

Related Skills

tim-hub/choosing-k8s-release-strategy

testing

VerifiedTrustedCommunity

Picks the right Kubernetes Deployment update strategy (RollingUpdate / Recreate / Blue-Green / Canary) for the situation. Use when configuring a new Deployment, changing rollout config, or deciding how to ship a risky change.

2SKILL.mdUpdated May 25, 2026

tim-hub/choosing-k8s-release-strategy

tim-hub/translate-markdown

tools

VerifiedTrustedCommunity

Translates a markdown file to a target language, preserving structure. Use when the user needs a markdown file translated.

2SKILL.mdUpdated May 21, 2026

tim-hub/translate-markdown

tim-hub/language-translate

development

VerifiedTrustedCommunity

Translates text between any two languages while preserving source format. Use when the user needs to translate plain text, code, or markdown content.

2SKILL.mdUpdated May 21, 2026

tim-hub/language-translate

tim-hub/creative-writing

testing

VerifiedTrustedCommunity

Generates written content — blog posts, social posts, emails, and marketing copy — matched to the project's existing voice. Use when the user needs written material.

2SKILL.mdUpdated May 21, 2026

tim-hub/creative-writing

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/tim-hub/powerball.git

# Copy into Claude Code skills folder (global)
cp -r powerball/personal/skills/auth ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

tim-hub/powerball

2 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT