Security & Testing Claudeスキル

Eleven-Category Test Structure for iTerm

Standardizes iTerm shell script testing using a comprehensive 11-category framework to ensure robust coverage and reliability.

Shell Test Mocking Pattern

Mocks external shell commands using PATH overrides to verify script logic and argument passing without executing real binaries.

Auth Status Diagnostic

Audits and verifies local OAuth credentials stored in 1Password to ensure a healthy development environment.

1Password Auth Preflight

Validates 1Password credential injection to ensure development environments start without authentication failures.

Audit Fleet Consolidation

Consolidates multiple specialist audit reports into a unified, executive-level artifact while maintaining strict data schema integrity.

Audit Fleet SQL Todo Tracker

Manages multi-lane audit progress using SQL-based task tracking and strict contract compliance gates.

Local Auth Setup (1Password)

Automates secure OAuth credential injection for local development using the 1Password CLI.

Local Auth Teardown

Cleans up local authentication artifacts and environment templates to revert your project to its original state.

Audit Fleet Evidence Policy

Enforces rigorous quality control and standardized evidence reporting for software audits and system findings.

Audit Fleet Orchestration

Orchestrates multi-lane security and quality audits using deterministic report contracts and synchronized consolidation.

1Password Auth Rotator

Automates the rotation and updating of specific local development credentials stored within 1Password vaults.

Audit Fleet Output Contract

Enforces a standardized, deterministic output format for audit reports to ensure seamless data merging and consistency across automated audit lanes.

Strict Verification

Enforces a rigorous evidence-based workflow by requiring verified command outputs before any task completion claim, commit, or pull request.

Radar Site Auditor

Automates website testing, bug resolution, and professional reporting using Playwright for both clients and developers.

Auto Review & Fix Loop

Automates the end-to-end code review process by identifying issues, triaging findings, and autonomously applying fixes until the code stabilizes.

PlayRalph Diagnostic Loop

Automates website diagnostics and bug-fixing loops using Playwright and server-side log analysis.

Security Posture & API Safety

Enforces 16 critical security invariants across API boundaries, authentication flows, and data handling to ensure production-grade security.

TDD Enforcement

Enforces the Red-Green-Refactor methodology to ensure all production code is verified by failing tests before implementation.

Systematic Debugging

Enforces a disciplined 4-phase methodology for root cause analysis and regression testing to eliminate bugs permanently.

Pre-Commit Quality Gate

Enforces institutional quality standards and automated validation checks before code is committed or pushed.

Review Skill Backtester

Evaluates the effectiveness of AI code review skills by replaying historical bugs and measuring detection accuracy.

Plan Audit & Risk Guard

Performs a rigorous 44-gate audit of implementation plans to catch architectural flaws, security gaps, and mathematical errors before code is written.

Chrome QA & Testing Suite

Automates web application QA, bug discovery, and performance monitoring within the Google Chrome browser.

Guidelines Advisor

Analyzes smart contract codebases to provide comprehensive security and architectural guidance based on Trail of Bits' development standards.

Sharp Edges Security Auditor

Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.

AFL++ Fuzzing Guide

Provides comprehensive guidance and implementation patterns for high-performance multi-core fuzzing of C/C++ projects using AFL++.

SARIF Parsing & Analysis

Parses and processes Static Analysis Results Interchange Format (SARIF) files to aggregate findings, deduplicate alerts, and integrate security data into development workflows.

Ruzzy Ruby Fuzzer

Performs coverage-guided fuzz testing on Ruby applications and C extensions to detect memory corruption and security vulnerabilities.

Variant Analysis

Identifies similar vulnerabilities and security flaws across codebases using systematic, pattern-based analysis.

Semgrep Static Analysis

Performs fast, pattern-based security scanning and static analysis to identify vulnerabilities and enforce coding standards.