You'll reach for this when you're setting up OAuth flows, Connected Apps, or External Client Apps in Salesforce. It walks you through the Connected App versus ECA decision (newer orgs block new Connected Apps by default as of Spring '26), picks the right OAuth flow for your client type, and pulls from tested templates for JWT bearer, PKCE, device flow, and more. The 120-point security checklist is baked in, so you won't accidentally ship with Full scope or loose callback URLs. It knows the metadata folder quirks (`.ecaGlblOauth` not `.ecaGlobalOauth`, ECA security settings are retrieve-only) and won't let you proceed if deployment fails. Handles the multi-file ECA metadata sprawl cleanly.
npx skills add https://github.com/forcedotcom/sf-skills --skill configuring-connected-apps