toanpv-0639/backend-development
.claude/skills/backend-development/SKILL.md
Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
$ install --global
skillsauthnpx skillsauth add toanpv-0639/claudekit-engineer backend-developmentInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:45 AM105.1s12 files scanned
SKILL.md
- name:
- backend-development
- description:
- Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.
- license:
- MIT
- version:
- 1.0.0
Backend Development Skill
Production-ready backend development with modern technologies, best practices, and proven patterns.
When to Use
- Designing RESTful, GraphQL, or gRPC APIs
- Building authentication/authorization systems
- Optimizing database queries and schemas
- Implementing caching and performance optimization
- OWASP Top 10 security mitigation
- Designing scalable microservices
- Testing strategies (unit, integration, E2E)
- CI/CD pipelines and deployment
- Monitoring and debugging production systems
Technology Selection Guide
Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance) Frameworks: NestJS, FastAPI, Django, Express, Gin Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching) APIs: REST (simple), GraphQL (flexible), gRPC (performance)
See: references/backend-technologies.md for detailed comparisons
Reference Navigation
Core Technologies:
backend-technologies.md- Languages, frameworks, databases, message queues, ORMsbackend-api-design.md- REST, GraphQL, gRPC patterns and best practices
Security & Authentication:
backend-security.md- OWASP Top 10 2025, security best practices, input validationbackend-authentication.md- OAuth 2.1, JWT, RBAC, MFA, session management
Performance & Architecture:
backend-performance.md- Caching, query optimization, load balancing, scalingbackend-architecture.md- Microservices, event-driven, CQRS, saga patterns
Quality & Operations:
backend-testing.md- Testing strategies, frameworks, tools, CI/CD testingbackend-code-quality.md- SOLID principles, design patterns, clean codebackend-devops.md- Docker, Kubernetes, deployment strategies, monitoringbackend-debugging.md- Debugging strategies, profiling, logging, production debuggingbackend-mindset.md- Problem-solving, architectural thinking, collaboration
Key Best Practices (2025)
Security: Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers
Performance: Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling
Testing: 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests
DevOps: Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing
Quick Decision Matrix
| Need | Choose | |------|--------| | Fast development | Node.js + NestJS | | Data/ML integration | Python + FastAPI | | High concurrency | Go + Gin | | Max performance | Rust + Axum | | ACID transactions | PostgreSQL | | Flexible schema | MongoDB | | Caching | Redis | | Internal services | gRPC | | Public APIs | GraphQL/REST | | Real-time events | Kafka |
Implementation Checklist
API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling
Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance
Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords
Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)
Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks
Resources
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OAuth 2.1: https://oauth.net/2.1/
- OpenTelemetry: https://opentelemetry.io/
Related Skills
toanpv-0639/payment-integration
development
VerifiedTrustedCommunity
Implement payment integrations with SePay (Vietnamese payment gateway with VietQR, bank transfers, cards) and Polar (global SaaS monetization platform with subscriptions, usage-based billing, automated benefits). Use when integrating payment processing, implementing checkout flows, managing subscriptions, handling webhooks, processing bank transfers, generating QR codes, automating benefit delivery, or building billing systems. Supports authentication (API keys, OAuth2), product management, customer portals, tax compliance (Polar as MoR), and comprehensive SDK integrations (Node.js, PHP, Python, Go, Laravel, Next.js).
8SKILL.mdUpdated Apr 17, 2026
toanpv-0639/mobile-development
development
VerifiedTrustedCommunity
Build modern mobile applications with React Native, Flutter, Swift/SwiftUI, and Kotlin/Jetpack Compose. Covers mobile-first design principles, performance optimization (battery, memory, network), offline-first architecture, platform-specific guidelines (iOS HIG, Material Design), testing strategies, security best practices, accessibility, app store deployment, and mobile development mindset. Use when building mobile apps, implementing mobile UX patterns, optimizing for mobile constraints, or making native vs cross-platform decisions.
8SKILL.mdUpdated Apr 17, 2026
toanpv-0639/mcp-management
tools
VerifiedTrustedCommunity
Manage Model Context Protocol (MCP) servers - discover, analyze, and execute tools/prompts/resources from configured MCP servers. Use when working with MCP integrations, need to discover available MCP capabilities, filter MCP tools for specific tasks, execute MCP tools programmatically, access MCP prompts/resources, or implement MCP client functionality. Supports intelligent tool selection, multi-server management, and context-efficient capability discovery.
8SKILL.mdUpdated Apr 17, 2026
toanpv-0639/mcp-builder
tools
VerifiedTrustedCommunity
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
8SKILL.mdUpdated Apr 17, 2026