account-security
Account security - MFA, sessions, recovery. Use when protecting user accounts.
Best use case
account-security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Account security - MFA, sessions, recovery. Use when protecting user accounts.
Teams using account-security should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/account-security/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How account-security Compares
| Feature / Agent | account-security | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Account security - MFA, sessions, recovery. Use when protecting user accounts.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Account Security Guideline ## Tech Stack * **Auth**: better-auth * **Framework**: Next.js ## Non-Negotiables * Session/device visibility and revocation must exist * All security-sensitive actions must be server-enforced and auditable * Account recovery must require step-up verification ## Context Account security is about giving users control over their own safety. Users should be able to see what's accessing their account, remove suspicious sessions, and understand when something unusual happens. But it's also about protecting users from threats they don't know about. Compromised credentials, session hijacking, social engineering attacks on support — these require proactive detection, not just user vigilance. ## Driving Questions * Can a user tell if someone else has access to their account? * What happens when an account is compromised — how fast can we detect and respond? * How does the recovery flow prevent social engineering attacks? * What security events should trigger user notification? * Where are we relying on user vigilance when we should be detecting threats? * What would a truly paranoid user want that we don't offer?
Related Skills
adhd-accountability
ADHD-optimized accountability for task tracking, abandonment detection, and interventions. Use when tracking tasks, detecting context switches, or providing accountability support.
plaid-accounts-expert
Expert on Plaid accounts and account management. Covers account data retrieval, balance checking, account types, multi-account handling, and account webhooks. Invoke when user mentions Plaid accounts, account balance, account types, or account management.
Accounts Reconciler
Automate account reconciliation by matching transactions, identifying discrepancies, and generating variance reports
accounts-payable-workflow
Эксперт AP workflow. Используй для процессов кредиторской задолженности, invoice processing, three-way matching и payment automation.
accountant-expert
Expert-level accounting, tax, financial reporting, and accounting systems
account-tiering
Use when defining ABM tiers, scoring logic, and coverage rules.
account-security-validation
Validate account security and authentication protocols.
account-qualification
Qualifies and tiers accounts based on signals, fit, and potential. Use this skill when building target lists, prioritizing accounts, identifying high-potential prospects, or defining ideal customer profile criteria.
account-plan
Create or update strategic account plan
account-onboarding
Онбординг нового рекламного аккаунта. Создаёт конфигурацию для оптимизации.
account-map-migration
Use when fixing legacy account-map component references or creating new components. Covers migration from dynamic account-map lookups to static account_map variable. Use when you see account-map remote-state references or need to set up provider configuration for a new component.
account_manager
安全地管理用户账号信息(CRUD)。支持存储密码、API Key、Cookies 等敏感信息,并支持 TOTP (MFA) 代码生成。**所有涉及凭证存储的操作必须优先使用此技能**,不可用于账号注册。