secure
Security
This skill is for securing your app's code and data. For regulatory compliance (HIPAA, SOC 2, GDPR), use compliance. For pre-launch readiness checks, use go-live. For environment variable setup during deployment, use deploy. For database-level security (Row Level Security), use database.
Don't Do Yet
- Don't implement OAuth/SSO until you have paying customers who need it. Email + password is fine for launch.
- Don't buy a pentest until you have 1,000+ users or handle sensitive data (health, finance). This checklist is enough for MVP.
- Don't set up a Web Application Firewall (WAF) — your hosting platform (Vercel, Railway) handles this. You don't need Cloudflare yet.
- Don't build your own auth system. Use Supabase Auth, Clerk, or NextAuth. Rolling your own is how breaches happen.
Quick Start
More from whawkinsiv/claude-code-superpowers
monitor
Use this skill when the user needs to set up production monitoring, track app health, configure error alerts, or respond to incidents. Also use when the user says 'my app went down,' 'how do I know if something breaks,' 'set up alerts,' 'is my app healthy,' or 'I found out from a user that my site was down.' Covers error tracking, uptime monitoring, performance metrics, and incident response for SaaS applications.
39debug
Use this skill when features break, users report errors, deployments fail, or tests don't pass. Guides systematic debugging: reproducing bugs, gathering diagnostic info, reading error messages, and working with AI tools to fix issues efficiently.
32build
Use this skill when the user needs to build features with AI coding tools, choose between Claude Code, Lovable, Replit, or Cursor, write effective prompts for code generation, or iterate on AI-generated code. Covers tool selection, prompting strategies, and development workflows for non-technical founders.
29test
Use this skill when the user needs to test features before deployment, create test scenarios, find edge cases, or verify bug fixes. Covers manual testing workflows, cross-browser testing, edge case identification, and testing checklists for non-technical founders.
23optimize
Use this skill when the user's app feels slow, the codebase feels bloated, or after significant development work. Also use when the user says 'my app is slow,' 'clean up my code,' 'reduce bundle size,' 'my hosting bill is too high,' or 'everything feels sluggish.' Optimizes across four dimensions: Speed (page load, API response), Code (unused files, dead code), Database (orphaned data, schema hygiene), and Dependencies (package bloat, bundle size).
22design
Use this skill when the user needs to create a design system, establish UI patterns, improve visual hierarchy, refine interactions, or ensure visual consistency across their SaaS app. Covers design system management (CREATE/MODIFY/WORK WITHIN modes), screen-by-screen UI guidance, component selection, and spacing rules.
14