Security & Testing Claude 스킬

Action Kamen Code Review

Conducts comprehensive, agent-led code reviews and security audits with actionable fixes and clear pass/fail verdicts.

Vertical Slicing TDD Patterns

Organizes software implementation into test-driven vertical slices that deliver demonstrable value in every development cycle.

SSL Certificate Manager

Manages and monitors SSL/TLS certificates by checking expiry dates, facilitating renewals, and auditing installed credentials.

SSL Certificate Manager

Manages and monitors SSL/TLS certificates by checking expiry dates, performing renewals, and listing installed certificates.

Integration Test Runner

Automates the orchestration, execution, and cleanup of comprehensive integration test suites within the Claude Code environment.

API Test Automation

Automates the creation, execution, and reporting of comprehensive API test suites for REST and GraphQL services.

Database Security Scanner

Scans databases for vulnerabilities and automates the implementation of security controls and compliance standards.

AI Evaluation & Quality Frameworks

Implements comprehensive assessment methodologies and rubrics for evaluating LLM responses, code quality, and agent performance.

Privacy Detectability & Side-Channel Analyst

Analyzes source code for detectability threats and timing side channels to prevent unauthorized inference of system interactions.

Data Flow Security Mapper

Traces application data from input sources to storage sinks to identify security vulnerabilities and trust boundary violations.

Injection Security Analysis

Audits source code for SQL, NoSQL, and command injection vulnerabilities to align with OWASP Top 10 security standards.

AppSec Plan Reviewer

Analyzes implementation plans and architecture designs to identify security vulnerabilities before a single line of code is written.

Privilege Escalation Security Auditor

Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.

Doc Detective Project Bootstrap

Automatically initializes and configures Doc Detective to validate procedural documentation through intelligent test generation and iterative fixing.

PASTA Attack Simulator

Simulates realistic exploit chains and scores vulnerability exploitability using the PASTA threat modeling framework.

Identifiability Analysis

Analyzes source code and data structures to detect PII exposure and re-identification risks in anonymized datasets.

Doc Detective Testing

Verifies documentation procedures by converting them into executable Doc Detective test specifications and validating them automatically.

Race Condition Security Auditor

Analyzes source code to detect and remediate complex concurrency vulnerabilities like TOCTOU, double-spend bugs, and non-atomic operations.

Secrets Detection & Security Scanning

Identifies and remediates hardcoded credentials, API keys, and sensitive tokens across source code and git history.

API Testing Expert

Streamlines API testing workflows using modern tools like Bruno, Postman, and contract testing frameworks to ensure backend reliability.

Linkability & Privacy Analysis

Analyzes source code to identify and mitigate linkability threats where user data can be correlated across services, sessions, or contexts.

PASTA Stage 2: Technical Scope Mapping

Maps application attack surfaces and technical boundaries to create comprehensive data flow diagrams for threat modeling.

PASTA Threat Analysis

Identifies and analyzes potential threats by profiling actors and mapping attack vectors to the MITRE ATT&CK framework using the PASTA methodology.

AppSec Configuration Manager

Manages persistent security preferences, tool thresholds, and scan exclusions for integrated application security workflows.

Serverless Security Audit

Analyzes serverless applications for security vulnerabilities including overprivileged IAM policies, event injection, and insecure configuration.

PASTA Vulnerability Analysis

Identifies security weaknesses and maps vulnerabilities to CWE identifiers using the PASTA threat modeling methodology.

Personal Data Disclosure Auditor

Audits source code to identify and mitigate unauthorized personal data (PII) exposure in logs, APIs, and third-party integrations.

AppSec Learn

Teaches application security through interactive, guided walkthroughs using your own codebase as the primary teaching material.

AppSec Security Dashboard

Visualizes the current security posture of a project by aggregating scan results and tracking code changes since the last audit.

Attack Surface Mapping

Maps and inventories every application entry point to identify potential security exposure and undocumented interfaces.