account-security
Account security - MFA, sessions, recovery. Use when protecting user accounts.
Best use case
account-security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Account security - MFA, sessions, recovery. Use when protecting user accounts.
Teams using account-security should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/account-security/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How account-security Compares
| Feature / Agent | account-security | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Account security - MFA, sessions, recovery. Use when protecting user accounts.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Account Security Guideline ## Tech Stack * **Auth**: better-auth * **Framework**: Next.js ## Non-Negotiables * Session/device visibility and revocation must exist * All security-sensitive actions must be server-enforced and auditable * Account recovery must require step-up verification ## Context Account security is about giving users control over their own safety. Users should be able to see what's accessing their account, remove suspicious sessions, and understand when something unusual happens. But it's also about protecting users from threats they don't know about. Compromised credentials, session hijacking, social engineering attacks on support — these require proactive detection, not just user vigilance. ## Driving Questions * Can a user tell if someone else has access to their account? * What happens when an account is compromised — how fast can we detect and respond? * How does the recovery flow prevent social engineering attacks? * What security events should trigger user notification? * Where are we relying on user vigilance when we should be detecting threats? * What would a truly paranoid user want that we don't offer?
Related Skills
Build Your Cloud Security Skill
Create your cloud security skill in one prompt, then learn to improve it throughout the chapter
azure-security-keyvault-keys-dotnet
Azure Key Vault Keys SDK for .NET. Client library for managing cryptographic keys in Azure Key Vault and Managed HSM. Use for key creation, rotation, encryption, decryption, signing, and verification.
aws-security-audit
Comprehensive AWS security posture assessment using AWS CLI and security best practices
awesome-copilot-root-stackhawk-security-onboarding
Automatically set up StackHawk security testing for your repository with generated configuration and GitHub Actions workflow Use when: the task directly matches stackhawk security onboarding responsibilities within plugin awesome-copilot-root. Do not use when: a more specific framework or task-focused skill is clearly a better match.
astro-security
Security patterns for Astro lead generation websites on Cloudflare. Forms, headers, bot protection, GDPR. Use for any production lead gen site.
architecting-security
Design comprehensive security architectures using defense-in-depth, zero trust principles, threat modeling (STRIDE, PASTA), and control frameworks (NIST CSF, CIS Controls, ISO 27001). Use when designing security for new systems, auditing existing architectures, or establishing security governance programs.
arch-security-review
Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection.
appwrite-security-operations
Production security operations for Appwrite services. Use when defining security quality gates, runtime hardening, API key lifecycle management, dependency vulnerability control, and incident response workflows.
application-security
Secure applications against common vulnerabilities. Use when reviewing code for security, implementing security controls, or hardening applications. Covers OWASP Top 10.
api-security-testing
API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
agent-security-manager
Agent skill for security-manager - invoke with $agent-security-manager
agent-security-engineer
Expert infrastructure security engineer specializing in DevSecOps, cloud security, and compliance frameworks. Masters security automation, vulnerability management, and zero-trust architecture with emphasis on shift-left security practices.