Security & Testing Claude 스킬

OIDC Federation Patterns

Implements secretless cloud authentication using OpenID Connect to eliminate long-lived credentials in CI/CD workflows.

Claude Plugin Validator

Automates the validation of Claude Code plugin structures, schemas, and security compliance to ensure adherence to repository standards.

CORS Policy Validator

Validates Cross-Origin Resource Sharing (CORS) configurations to identify security vulnerabilities and ensure policy compliance.

Claude Plugin Auditor

Automates security, compliance, and best practice audits for Claude Code plugins to ensure production-readiness and marketplace standards.

Code Review Correctness

Analyzes source code to identify complex logic bugs, unhandled edge cases, and critical error handling failures before they reach production.

Plugin Auditor

Performs comprehensive security and compliance audits for Claude Code plugins to ensure high-quality standards and marketplace readiness.

Vulnerability Scanner

Identifies and reports security vulnerabilities, CVEs, and configuration weaknesses across your codebase and project dependencies.

Load Balancer Tester

Automates the validation of load balancing strategies, including traffic distribution, failover scenarios, and health check integrity.

Security Incident Responder

Guides teams through the full security incident response lifecycle from initial classification to post-incident remediation.

FFUF Web Fuzzing Skill

Streamlines web fuzzing workflows with expert guidance on FFUF for discovering hidden content, subdomains, and vulnerabilities during penetration testing.

HIPAA Compliance Checker

Scans codebases, infrastructure configurations, and documentation to identify potential HIPAA compliance violations and security risks.

Infrastructure Compliance Checker

Analyzes cloud infrastructure configurations to ensure compliance with SOC2, HIPAA, and PCI-DSS standards.

Data Privacy Scanner

Scans codebases and configurations to identify PII leaks, regulatory compliance violations, and potential data privacy vulnerabilities.

SOC2 Audit Helper

Streamlines SOC2 audit preparation by automating evidence gathering, report generation, and compliance gap analysis.

Full Threat Modeling Workflow

Automates the end-to-end threat modeling lifecycle from asset discovery to comprehensive risk reporting using industry-standard frameworks.

Nixtla Release Validation

Automates multi-phase release validation workflows to ensure stability and predict test impacts for Nixtla time-series projects.

CSRF Protection Validator

Validates web application security by identifying Cross-Site Request Forgery (CSRF) vulnerabilities and auditing protection mechanisms.

Database Test Manager

Automates the creation of robust database testing environments through data generation, transaction management, and schema validation.

Threat Modeling Status

Displays a comprehensive overview of security posture, including asset counts, threat distribution, and compliance coverage within Claude Code.

Security Audit Reporter

Generates comprehensive security audit reports and compliance assessments to identify system vulnerabilities and provide actionable remediation steps.

OWASP Compliance Checker

Scans codebases for web application security vulnerabilities based on the OWASP Top 10 standards to ensure production-ready security.

Security Incident Responder

Guides users through the complete security incident response lifecycle from initial triage and containment to forensic investigation and recovery.

Vulnerability Scanner

Performs automated security audits to detect code flaws, vulnerable dependencies, and insecure configurations within your project.

Claude Plugin Auditor

Automates security, compliance, and quality audits for Claude Code plugins to ensure they meet production standards.

Compliance Mapping Toolkit

Maps security threats and controls to major compliance frameworks like OWASP, SOC2, and PCI-DSS to generate audit-ready documentation.

XSS Vulnerability Scanner

Scans web applications for Cross-Site Scripting vulnerabilities and provides context-aware remediation guidance.

Security Risk Report Generator

Generates comprehensive, prioritized security risk reports and executive summaries from threat model data.

Security Control Verifier

Verifies the implementation of security controls within your codebase against documented threat models to identify gaps and ensure compliance.

Test Coverage Analyzer

Analyzes code coverage metrics to identify untested code paths and generate detailed quality reports.

Threat Modeling & Risk Analysis

Analyzes system threats using STRIDE or PASTA frameworks to generate comprehensive threat catalogs, attack trees, and risk registers.