Security & Testing Claude 스킬

Security Review Checklist

Performs comprehensive security audits and provides implementation patterns to protect applications from vulnerabilities like SQL injection, XSS, and broken authentication.

Python Testing Expert

Implements comprehensive Python testing strategies using pytest, TDD methodologies, and advanced mocking patterns.

Eval Harness (EDD Framework)

Implements an Evaluation-Driven Development (EDD) framework for Claude Code to ensure reliable AI-generated code through systematic testing and regression tracking.

TDD Development Workflow

Enforces a rigorous test-driven development cycle with mandatory 80% coverage across unit, integration, and E2E tests.

Django Security Best Practices (JA)

Provides comprehensive Japanese-language security guidelines and implementation patterns for hardening Django web applications.

Spring Boot Security Review

Implements and audits Spring Boot security configurations including authentication, authorization, and input validation using industry best practices.

Verification Loop

Standardizes the code validation process through automated builds, type checking, testing, and security audits.

Secure HTTP Headers

Configures industry-standard HTTP security headers and cookie policies to protect web applications from common vulnerabilities.

Azure Scenario Tester

Validates Azure infrastructure and integration code by generating and executing isolated end-to-end scenario tests against production-like environments.

Test Coverage Analysis

Analyzes code coverage reports and identifies critical testing gaps to improve software reliability across Python and JavaScript projects.

WCAG Accessibility Audit Patterns

Conducts comprehensive WCAG 2.2 accessibility audits using automated scans, manual verification protocols, and detailed remediation strategies.

TDD Workflow

Enforces a rigorous test-driven development cycle with standardized patterns for unit, integration, and E2E testing.

Test Coverage Analysis

Analyzes test coverage reports and identifies critical code gaps to improve software reliability in Python and JavaScript projects.

Advanced JS Mocking Patterns

Implements sophisticated JavaScript testing strategies for module isolation, timer manipulation, and mock lifecycle management.

Firebase Authentication Patterns

Implements secure Firebase Authentication flows including OAuth, session management, and protected routes for web applications.

Firestore Security Rules Generator

Generates robust, production-ready Firestore security rules with patterns for RBAC, multi-tenancy, and schema validation.

Python Code Review & Linting

Enhances Python code quality through automated Ruff linting, security vulnerability detection, and robust mypy type checking.

Pytest Modern Test Patterns

Implements standardized pytest structures including fixtures, parametrization, and the AAA pattern to build robust Python test suites.

Privacy & Consent Compliance

Implements privacy-first development patterns to ensure GDPR and CCPA compliance through automated consent management and data minimization.

QA Strategy & Quality Metrics

Guides the implementation of robust testing pyramids and software maintainability metrics to reduce technical debt and improve code health.

TypeScript Component Testing

Implements robust, accessible UI component tests using React Testing Library and modern TypeScript patterns.

Red/Blue Team Validator

Stress-tests decisions, strategies, and architectures through iterative adversarial Red/Blue team simulations to uncover and mitigate vulnerabilities.

Firebase Authentication Patterns

Implements secure Firebase Authentication flows including OAuth, session management, and server-side protected routes.

TypeScript Component Testing

Implements industry-standard Jest, Vitest, and React Testing Library patterns to ensure robust, accessible frontend components.

MCP Protocol Compliance Testing

Validates Model Context Protocol (MCP) implementations for JSON-RPC 2.0 compliance, schema integrity, and async execution reliability.

Access Control Patterns

Implements secure authorization logic by auditing and applying RBAC, ABAC, and IDOR prevention patterns.

Python Code Review & Linting

Automates Python code analysis to enforce security standards, fix anti-patterns, and maintain strict linting using Ruff and Mypy.

Authentication & Session Security

Secures applications by implementing JWT validation, OAuth2 flows, and robust session management patterns.

Security Testing

Hardens software applications by providing comprehensive security auditing, vulnerability scanning, and penetration testing guidance.

LSP Type Safety Checker

Verifies code type safety and function signature compatibility using Language Server Protocol data to prevent runtime errors.