Security & Testing Claudeスキル

Quick Security Scan for Codacy

Performs rapid security audits on specific files, staged changes, or pull requests using Codacy and AI-powered insights.

Rego Policy Development

Develops, optimizes, and audits OPA Rego policies using industry-standard best practices and Rego v1 semantics.

Differential Security Review

Performs security-focused differential reviews of code changes to detect vulnerabilities and prevent regressions in PRs and commits.

Verification Before Completion

Enforces rigorous verification protocols and evidence-based reporting before any task or code change is claimed as complete.

Cosmos Blockchain Security Scanner

Audits Cosmos SDK modules and CosmWasm smart contracts for consensus-critical vulnerabilities and security risks.

OWASP Security & Best Practices

Audits code for vulnerabilities and implements industry-standard protection patterns based on OWASP 2025 and Agentic AI security guidelines.

Cairo/StarkNet Security Scanner

Scans Cairo smart contracts for critical vulnerabilities including arithmetic overflows, L1-L2 messaging flaws, and signature replay attacks.

Semgrep Rule Creator

Generates and validates production-quality Semgrep rules to detect security vulnerabilities and complex code patterns using a test-driven approach.

Constant-Time Cryptography Analysis

Detects timing side-channel vulnerabilities and secret-dependent operations in cryptographic code across 14+ programming languages.

CodeQL Static Analysis

Performs deep interprocedural static analysis to detect security vulnerabilities and track data flow across complex codebases.

Testing Handbook Generator

Automates the creation of specialized security testing skills for Claude Code by analyzing the Trail of Bits Testing Handbook.

Fuzzing Dictionary Guide

Guides fuzz testing by providing domain-specific tokens to reach deeper code paths in parsers and protocols.

OWASP Security Standards

Reviews and implements code according to the latest OWASP security benchmarks, including Top 10:2025 and Agentic AI safety guidelines.

Fuzzing Harness Expert

Provides structured techniques and code patterns for writing effective fuzzing harnesses to improve software security and reliability.

LibAFL Fuzzing Library

Builds modular, high-performance custom fuzzers using the LibAFL framework for advanced security testing and research.

Variant Analysis Expert

Identifies and hunts for recurring security vulnerabilities and bug patterns across entire codebases using systematic pattern-based analysis.

Code Maturity Assessor

Evaluates codebase security and maturity using the Trail of Bits framework to provide evidence-based ratings and prioritized improvement roadmaps.

Django Access Control & IDOR Review

Conducts deep security investigations into Django and DRF authorization logic to identify and prevent Insecure Direct Object Reference (IDOR) vulnerabilities.

Secure Workflow Guide

Implements the industry-standard Trail of Bits 5-step secure development workflow to audit smart contracts and identify vulnerabilities.

Sharp Edges API & Security Auditor

Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.

Semgrep Rule Variant Creator

Ports existing Semgrep security and quality rules to new target languages using a rigorous, test-driven validation workflow.

Semgrep Static Analysis

Performs rapid security scanning and custom pattern matching to identify vulnerabilities and enforce coding standards across diverse codebases.

Maestro E2E Testing

Executes comprehensive end-to-end testing for data persistence pipelines within the Maestro ecosystem.

Temporal Python Testing

Streamlines testing of Temporal workflows and activities in Python using time-skipping, mocking, and determinism validation.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, mocking, and test-driven development best practices.

CasePilot: Smart Test Case Generator

Automates the generation of comprehensive Markdown-based test cases and mind maps from requirement documents and technical designs.

WebSpec Authentication & Authorization

Manages secure OAuth 2.0 flows, JWT token structures, and biometric device binding for the WebSpec ecosystem.

Fair-Forge Metric Creator

Generates standardized AI evaluation metrics for the Fair-Forge library including schemas, implementations, and comprehensive test suites.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified production code through test-first implementation.

WebSpec Subdomain Security & Architecture

Implements secure subdomain isolation, strict cookie scoping, and token-bound communication patterns for WebSpec environments.