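Discover high-quality AI Agent skills
Aggregating high-quality resources such as Claude Skills, LangChain, and AutoGPT to help developers quickly build intelligent applications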
Cycle Privacy Guidelines
Reference only — critical security practices.
Security Traps
- `process.env` values are strings — `PORT=3000` is `"3000"`, parseInt needed
- Missing env var is `undefined` — no error, check explicitly on startup
- `eval()` with user input — remote code execution
- `exec(userInput)` — command injection, use `execFile` with args array
- Path traversal — `../../../etc/passwd`, validate with `path.resolve` + prefix check
Hardening and Disaster Recovery
Use this playbook for security baselines and outage recovery planning.
Security and Disputes - Mercado Libre
Use this file for account safety, risky transactions, and claim or dispute handling.
Linux Gotchas
- `chmod 777` fixes nothing, breaks everything — find the actual owner/group issue
- Setuid on scripts is ignored for security — only works on binaries
- `chown -R` follows symlinks outside target directory — use `--no-dereference`
- Default umask 022 makes files world-readable — set 077 for sensitive systems
- ACLs override traditional permissions silently — check with `getfacl`
Web Hosting Guidance
- Static sites (HTML, CSS, JS only): Use Vercel, Netlify, Cloudflare Pages, GitHub Pages — free tier often enough, no server management
- Dynamic sites with backend: Platform hosting (Railway, Render, Fly.io) handles servers without manual management
- WordPress or PHP: Managed WordPress hosts (WP Engine, Kinsta) or traditional shared hosting
- E-commerce: Shopify or platform-specific hosting — payment security is not worth DIY risk
- Don't recommend VPS to someone uncomfortable with terminal —
Security Model - GitHub Actions
Use this file when workflow safety matters more than syntax.