Discover security & testing Claude skills. Explore 105 skills and find the perfect capabilities for your AI workflow.
Enforces a mandatory evidence-first workflow by requiring successful command execution before any work is marked as complete.
Enforces a rigorous four-phase debugging methodology to identify root causes and implement permanent fixes for complex software issues.
Implements secure subdomain isolation, strict cookie scoping, and token-bound communication patterns for WebSpec environments.
Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified production code through test-first implementation.
Generates standardized AI evaluation metrics for the Fair-Forge library including schemas, implementations, and comprehensive test suites.
Manages secure OAuth 2.0 flows, JWT token structures, and biometric device binding for the WebSpec ecosystem.
Implements comprehensive Python testing strategies using pytest, mocking, and test-driven development best practices.
Streamlines testing of Temporal workflows and activities in Python using time-skipping, mocking, and determinism validation.
Performs rapid security scanning and custom pattern matching to identify vulnerabilities and enforce coding standards across diverse codebases.
Ports existing Semgrep security and quality rules to new target languages using a rigorous, test-driven validation workflow.
Identifies error-prone API designs, dangerous configurations, and security footguns to ensure code follows secure-by-default principles.
Implements the industry-standard Trail of Bits 5-step secure development workflow to audit smart contracts and identify vulnerabilities.
Conducts deep security investigations into Django and DRF authorization logic to identify and prevent Insecure Direct Object Reference (IDOR) vulnerabilities.
Evaluates codebase security and maturity using the Trail of Bits framework to provide evidence-based ratings and prioritized improvement roadmaps.
Identifies and hunts for recurring security vulnerabilities and bug patterns across entire codebases using systematic pattern-based analysis.
Builds modular, high-performance custom fuzzers using the LibAFL framework for advanced security testing and research.
Provides structured techniques and code patterns for writing effective fuzzing harnesses to improve software security and reliability.
Reviews and implements code according to the latest OWASP security benchmarks, including Top 10:2025 and Agentic AI safety guidelines.
Guides fuzz testing by providing domain-specific tokens to reach deeper code paths in parsers and protocols.
Automates the creation of specialized security testing skills for Claude Code by analyzing the Trail of Bits Testing Handbook.
Performs deep interprocedural static analysis to detect security vulnerabilities and track data flow across complex codebases.
Detects timing side-channel vulnerabilities and secret-dependent operations in cryptographic code across 14+ programming languages.
Generates and validates production-quality Semgrep rules to detect security vulnerabilities and complex code patterns using a test-driven approach.
Scans Cairo smart contracts for critical vulnerabilities including arithmetic overflows, L1-L2 messaging flaws, and signature replay attacks.
Audits code for vulnerabilities and implements industry-standard protection patterns based on OWASP 2025 and Agentic AI security guidelines.
Audits Cosmos SDK modules and CosmWasm smart contracts for consensus-critical vulnerabilities and security risks.
Enforces rigorous verification protocols and evidence-based reporting before any task or code change is claimed as complete.
Performs security-focused differential reviews of code changes to detect vulnerabilities and prevent regressions in PRs and commits.
Patches codebases to bypass checksums, non-deterministic states, and validation barriers to improve fuzzer coverage.
Implements advanced property-based testing strategies to ensure robust code reliability across multiple programming languages and smart contracts.