Security & Testing Claude 스킬

Codex Home Audit

Audits Codex home directories to detect configuration drift, security risks, and cleanup opportunities.

UI Visual Regression Reviewer

Analyzes and validates visual diffs from Storybook, Playwright, and Argos to distinguish intentional UI changes from accidental regressions.

Security Ownership Mapper

Analyzes git history to map code ownership risks, identify low bus factors in sensitive components, and detect security maintenance gaps.

Security Threat Modeler

Generates repository-specific security threat models by identifying assets, trust boundaries, and potential abuse paths based on source code evidence.

Incident Response Commander

Manages IT outages and security incidents using structured workflows for triage, containment, and blameless post-mortem analysis.

Security Best Practices Review

Reviews code and architecture against language-specific security standards and the OWASP Top 10:2025 framework.

Incident Response Commander

Guides technical teams through IT outages and security incidents using structured SRE and SecOps workflows.

Systematic Debugging

Diagnoses production bugs and regressions using evidence-based analysis and reproducible fix plans before implementing code changes.

Better Auth Scaffolding

Implements and migrates secure Better Auth integrations for TypeScript and JavaScript applications with OWASP-aligned defaults.

Rust Unsafe & FFI Safety Guide

Enforces best practices for Rust unsafe code to minimize risk, manage raw pointers, and ensure FFI interoperability while preventing undefined behavior.

Privacy Compliance Engineer

Enforces rigorous data protection controls and privacy-by-design principles across application layers to ensure regulatory compliance.

QA Backend Tester

Automates the validation of backend services including REST APIs, AWS Lambdas, gRPC endpoints, and GraphQL interfaces.

Skill Security Analyzer

Decompiles freeform SKILL.md files into machine-auditable structures to perform automated security audits and risk scoring.

Social Platform Safety Guard

Protects AI agents from deceptive content, prompt injection, and harmful information across social media platforms.

User Activity Auditor

Audits and reports on specific user actions across cloud resources to ensure security, accountability, and compliance.

QA Smoke Test

Validates project health through rapid pre-QA sanity checks including server availability, file existence, and browser console errors.

Security Scan for Claude Code

Audits Claude Code configurations and MCP servers for security vulnerabilities, misconfigurations, and injection risks using AgentShield.

Accessibility Auditor

Conducts comprehensive WCAG 2.2 Level AA accessibility audits for React and TypeScript applications with specialized MUI framework awareness.

Security Scanner

Audits Claude Code plugins and skills for malicious code and harmful natural language instructions using AI semantic analysis.

DotNet Time Testing with TimeProvider

Streamlines testing of time-dependent .NET logic by implementing and manipulating TimeProvider and FakeTimeProvider abstractions.

Codebase Auditor

Performs comprehensive audits of code quality, security vulnerabilities, and technical debt using modern engineering standards and actionable remediation plans.

Social Platform Safety Guard

Protects AI agents from induced content, spam, and prompt injection while interacting with social platforms like Moltbook.

Tool Gate Permission Auditor

Audits Claude Code session logs to refine and optimize bash command permission decisions for increased workflow efficiency.

Sentinel QA Sweep

Conducts automated end-to-end QA sweeps to catch console errors, layout bugs, RBAC violations, and API schema drift.

Lendtrain Security Guardrails

Implements mandatory adversarial defense rules and security guardrails to protect mortgage refinance workflows from manipulation.

Accessibility Audit & Compliance

Performs comprehensive accessibility audits using axe-core to ensure WCAG 2.1 AA compliance and inclusive user experiences.

QE Contract Testing

Automates consumer-driven contract testing and schema validation for REST, GraphQL, and event-driven APIs to prevent breaking changes.

Bulletproof React Auditor

Audits and refactors React codebases into enterprise-grade, feature-based architectures following Bulletproof React patterns.

E2E Testing & Visual Debugging

Automates the Playwright end-to-end testing lifecycle with LLM-powered visual analysis and actionable fix recommendations.

Red Team

Provides a constructive adversarial perspective to stress-test ideas, designs, and decisions through rigorous examination.