Security & Testing Habilidades de Claude

Playwright Pro

Automates production-grade Playwright end-to-end testing with AI-driven generation, debugging, and framework migration tools.

Senior QA & Test Automation

Automates the generation of unit, integration, and end-to-end tests for React and Next.js applications while analyzing coverage gaps.

Senior Security Engineering

Provides a comprehensive security engineering toolkit for threat modeling, vulnerability analysis, and secure architecture design.

Skill Security Auditor

Audits and scans AI agent skills for security vulnerabilities, malicious code, and prompt injection risks before installation.

CISA Zero Trust Implementation

Implements the CISA Zero Trust Maturity Model v2.0 across identity, devices, networks, applications, and data pillars.

Ransomware Leak Site Intelligence

Monitors and analyzes ransomware data leak sites to track victim postings and extract actionable threat intelligence.

Test Coverage Analyzer

Identifies test coverage gaps across application surfaces and generates prioritized testing plans.

Binary Exploitation Analysis

Conducts detailed binary exploitation analysis and exploit development using pwntools and ROP techniques for security testing.

Accessibility Audit & Remediation

Audits, fixes, and verifies WCAG 2.2 Level A and AA compliance across modern web frameworks like React, Vue, and Angular.

PR Review Expert

Conducts structured, high-depth code reviews for GitHub and GitLab including security scans, performance analysis, and blast radius reporting.

Timesketch Forensic Timeline Builder

Builds collaborative forensic incident timelines using Timesketch to normalize and analyze multi-source event data for attack chain reconstruction.

Race Condition Vulnerability Exploiter

Identifies and tests race condition vulnerabilities in web applications using advanced single-packet attack techniques and Turbo Intruder scripts.

Automated IOC Enrichment & Threat Intel

Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context to streamline security operations and reduce triage time.

JWT Security & Pentesting

Conducts comprehensive security assessments of JSON Web Token implementations to identify cryptographic weaknesses and authorization bypasses.

Azure Storage Security Auditor

Audits Azure Storage accounts for security vulnerabilities including public access, weak encryption, and outdated TLS versions using the Python SDK.

Endpoint DLP Implementation

Configures and deploys endpoint Data Loss Prevention (DLP) controls to safeguard sensitive information from unauthorized exfiltration.

BLE Security & Attack Detection

Analyzes and detects Bluetooth Low Energy security vulnerabilities, including sniffing, replay attacks, and encryption weaknesses.

Full-Scope Red Team Engagement

Facilitates end-to-end red team operations from reconnaissance and initial access to post-exploitation and reporting using MITRE ATT&CK tactics.

Active Directory Exploitation with BloodHound

Guides security professionals through mapping and exploiting complex Active Directory attack paths using BloodHound graph theory.

PR Review Expert

Conducts systematic, high-impact code reviews for GitHub and GitLab by analyzing security, breaking changes, and system-wide blast radius.

Risk Classification & Safety Gates

Implements a four-tier safety model to classify AI agent tasks by risk level and enforce appropriate verification gates.

IoT Security Assessment

Conducts comprehensive security audits of IoT ecosystems including hardware, firmware, and network protocols.

Container Image Provenance with Cosign

Secures software supply chains by implementing image signing, verification, and attestations using Sigstore Cosign.

Container Escape Detection

Audits Kubernetes environments to identify and prevent container escape vulnerabilities and security misconfigurations.

Analyzing Disk Image with Autopsy

Performs comprehensive digital forensic analysis and file recovery using the Autopsy platform and The Sleuth Kit.

Google Workspace Admin Security Hardening

Hardens Google Workspace environments using enterprise-grade security configurations, identity protection, and data loss prevention policies.

Ransomware Tabletop Exercise Facilitator

Plans and facilitates realistic ransomware tabletop exercises to test organizational incident response readiness and decision-making procedures.

Continuous Security Validation with BAS

Automates security control validation by safely emulating real-world attack techniques across the kill chain using Breach and Attack Simulation (BAS) tools.

Endpoint Vulnerability Remediation

Prioritizes, patches, and validates endpoint security vulnerabilities using risk-based scoring and automated deployment workflows.

Open Policy Agent (OPA) for Kubernetes Security

Implements and enforces fine-grained policy-as-code using Open Policy Agent (OPA) and Gatekeeper across Kubernetes clusters and CI/CD pipelines.