Security & Testing Claudeスキル

OWASP Security Auditor

Performs comprehensive security audits based on the OWASP Top 10 vulnerabilities using parallel subagent analysis.

GraphQL Security Auditor

Analyzes GraphQL endpoints and schemas for critical security vulnerabilities like introspection leaks, depth abuse, and missing authorization.

Coverage Analysis Pro

Analyzes code coverage metrics and implements testing patterns to improve software quality and reliability.

AppSec Security Fix Generator

Generates and applies production-ready code fixes for security vulnerabilities and findings identified within your codebase.

PASTA Threat Modeling

Conducts sequential, risk-centric threat modeling using the 7-stage PASTA framework to align security findings with business objectives.

PASTA Business Objectives Analysis

Defines business objectives and critical assets to anchor threat modeling in organizational impact.

LINDDUN Privacy Threat Analysis

Automates comprehensive privacy threat modeling using the LINDDUN framework to identify data protection risks and regulatory gaps.

Ark Dashboard & UI Testing

Automates Ark Dashboard UI testing and screenshot generation for pull requests using Playwright and Kubernetes.

SANS/CWE Top 25 Security Analyzer

Analyzes codebases for the SANS/CWE Top 25 most dangerous software weaknesses to identify and fix critical security vulnerabilities.

AppSec Fix Verification

Validates security remediations by re-running scanners and performing deep AI code analysis to confirm vulnerabilities are fully resolved.

Security Report Generator

Generates comprehensive security reports from vulnerability findings, scanner results, and analysis data.

Access Control Security Auditor

Analyzes source code to identify and remediate broken access control vulnerabilities including IDOR, CORS leaks, and privilege escalation.

AppSec Logging Auditor

Analyzes source code to identify security logging failures, sensitive data exposure in logs, and improper monitoring configurations.

Ark Vulnerability Fixer

Streamlines CVE research and automates security patch workflows for the Ark agentic resource platform.

API Security Audit

Analyzes REST and RPC APIs for security vulnerabilities aligned with the OWASP API Security Top 10.

File Upload Security Auditor

Secures applications by identifying file upload vulnerabilities like path traversal, zip slip, and missing server-side validation.

Fuzz Test Generation

Generates intelligent, context-aware fuzz test inputs and security test cases by analyzing application input parsers and data handlers.

MITRE ATT&CK Security Mapper

Enriches security findings by mapping vulnerabilities to the MITRE ATT&CK framework to visualize threat patterns and attack chains.

SSRF Security Audit

Analyzes source code to identify and mitigate Server-Side Request Forgery (SSRF) vulnerabilities and unauthorized internal network access.

Ark Security Issue Resolver

Identifies and remediates common security vulnerabilities and penetration testing findings within the Ark framework.

Ark Chainsaw Testing

Executes and authors end-to-end tests for Ark agentic resources using the Chainsaw testing framework.

Security Explainer

Explains complex security frameworks, vulnerability categories, and specific findings using real-world examples from your own codebase.

AppSec Security Dashboard

Visualizes the current security posture of a project by aggregating scan results and tracking code changes since the last audit.

Repudiation & Audit Analysis

Analyzes source code for repudiation threats by identifying missing audit logs, insufficient event tracking, and log tampering vulnerabilities.

Race Condition Security Auditor

Analyzes source code to detect and remediate complex concurrency vulnerabilities like TOCTOU, double-spend bugs, and non-atomic operations.

Data Integrity & Tampering Analysis

Identifies security vulnerabilities related to unauthorized data modification and injection attacks using the STRIDE threat model.

Privacy Unawareness Analysis

Identifies and audits source code for privacy threats related to undisclosed data collection, missing consent mechanisms, and transparency gaps.

AppSec Project Assessment

Analyzes codebase architecture, tech stacks, and data sensitivity to recommend a prioritized security testing strategy.

Skill Testing Framework

Automates the creation, execution, and validation of unit, integration, and regression tests to ensure skill reliability.

Systematic Debugging Strategies

Implements methodical debugging techniques and profiling tools to identify and resolve complex software bugs across multiple programming stacks.