Security & Testing Habilidades de Claude

Environment Key Reader

Lists environment variable names to verify configurations without exposing sensitive values or secrets.

Production Test Infrastructure Architect

Implements robust, production-grade test infrastructure and automated suites following strict TDD principles and TypeScript best practices.

BD Test Design

Designs and implements comprehensive, behavior-driven software tests across multiple platforms and testing scopes.

Test Design & Strategy

Designs and implements comprehensive software test suites using advanced heuristics and industry-standard patterns.

Web Application Testing Toolkit

Enables automated end-to-end testing and UI interaction for local web applications using Playwright and integrated server management.

Systematic Debugging

Enforces a rigorous four-phase debugging methodology to identify root causes and implement permanent fixes for complex software issues.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified production code through test-first implementation.

WebSpec Authentication & Authorization

Manages secure OAuth 2.0 flows, JWT token structures, and biometric device binding for the WebSpec ecosystem.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, mocking, and test-driven development best practices.

Django Access Control & IDOR Review

Conducts deep security investigations into Django and DRF authorization logic to identify and prevent Insecure Direct Object Reference (IDOR) vulnerabilities.

Sharp Edges API & Security Auditor

Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.

OWASP Security Standards

Reviews and implements code according to the latest OWASP security benchmarks, including Top 10:2025 and Agentic AI safety guidelines.

Fuzzing Dictionary Guide

Guides fuzz testing by providing domain-specific tokens to reach deeper code paths in parsers and protocols.

Cairo/StarkNet Security Scanner

Scans Cairo smart contracts for critical vulnerabilities including arithmetic overflows, L1-L2 messaging flaws, and signature replay attacks.

Cosmos Blockchain Security Scanner

Audits Cosmos SDK modules and CosmWasm smart contracts for consensus-critical vulnerabilities and security risks.

Verification Before Completion

Enforces rigorous verification protocols and evidence-based reporting before any task or code change is claimed as complete.

LibAFL Fuzzing Library

Builds modular, high-performance custom fuzzers using the LibAFL framework for advanced security testing and research.

Systematic Debugging

Implements a rigorous four-phase framework to identify root causes and eliminate trial-and-error debugging during development.

Semgrep Rule Creator

Generates and validates production-quality Semgrep rules to detect security vulnerabilities and complex code patterns using a test-driven approach.

Fuzzing Obstacle Bypass

Patches codebases to bypass checksums, non-deterministic states, and validation barriers to improve fuzzer coverage.

Insecure Defaults Detector

Audits codebase for fail-open security vulnerabilities and weak default configurations that risk production exposure.

Wycheproof Crypto Validator

Validates cryptographic implementations using extensive test vectors to protect against known attacks and edge cases.

Fix Review

Verifies that security audit remediation commits correctly address findings without introducing new bugs.

Algorand Vulnerability Scanner

Audits Algorand smart contracts for 11 critical security vulnerabilities, including rekeying attacks and unchecked transaction fields.

C2 Beaconing Frequency Analysis

Identifies command-and-control beaconing patterns in network traffic using statistical frequency analysis and jitter calculation.

Vulnerability Remediation SLA Implementation

Establishes and enforces standardized timeframes for patching security vulnerabilities based on severity, threat context, and asset criticality.

WAF Rule Creator

Generates and validates production-ready Web Application Firewall (WAF) rules to enhance web security and compliance.

Semgrep Static Analysis

Scans codebases for security vulnerabilities, bugs, and style violations using fast, pattern-based static analysis.

Solana Vulnerability Scanner

Scans Solana and Anchor programs to identify and remediate critical security vulnerabilities including arbitrary CPI and improper PDA validation.

Codebase Verification

Executes a comprehensive suite of codebase checks including builds, types, linting, and tests to ensure production readiness.