Security & Testing Claude 스킬

Web Testing & Quality Standards

Implements an inverted testing pyramid strategy using Playwright for E2E workflows and Vitest for pure function unit tests.

Tundra CLI Smoke Tester

Validates Rust CLI behavior through automated smoke checks, dry-runs, and artifact generation to ensure system stability.

MSW API Mocking

Streamlines API mocking using MSW handlers and environment-specific setups for consistent development and testing.

OWASP Security Reviewer

Performs automated OWASP Top 10 security audits to identify vulnerabilities like SQL injection, XSS, and broken authentication in application code.

Deep Code Review Orchestrator

Orchestrates comprehensive multi-perspective code audits by automatically routing changes to specialized security, database, and API review agents.

Skill Validator

Ensures Claude Code skills meet structural, naming, and security standards through automated auditing.

Security Validation

Protects AI workflows by implementing runtime secret scanning, PII masking, and prompt injection defense mechanisms.

Systematic Debugging (Czech Support)

Implements a systematic, TDD-driven debugging workflow that identifies root causes and verifies fixes through hypothesis testing and localized Czech triggers.

RSpec GARY Testing

Implements the GARY (Go Ahead, Repeat Yourself) principle to write highly readable and maintainable RSpec tests.

OSS KPI Evaluator

Evaluates open source projects against standardized health and performance metrics using multi-agent research.

Go Performance Benchmarking

Analyzes Go code performance by running benchmarks, identifying memory bottlenecks, and suggesting high-impact optimizations.

Full Project Verifier

Executes comprehensive verification suites including tests, builds, and linting to ensure project readiness and plan completion.

Cargo Startup Validator

Validates that Rust applications and daemons launch successfully without runtime errors or panics through automated execution testing.

API Security Best Practices

Implements robust API security patterns including authentication, authorization, and protection against common vulnerabilities like SQL injection and DDoS.

API Security Best Practices

Implements industry-standard security patterns for REST, GraphQL, and WebSocket APIs to prevent common vulnerabilities and data leaks.

Vitest Migration & Testing Guide

Accelerates the transition from Jest to Vitest and provides expert guidance on configuring high-performance TypeScript testing environments.

API Security Testing

Conducts comprehensive security audits and penetration tests on REST and GraphQL APIs to identify vulnerabilities like IDOR, injection, and authorization flaws.

Active Directory Attack Toolkit

Conducts professional Active Directory penetration testing and security assessments using industry-standard tools and methodologies.

Mobile App Pentesting

Conducts comprehensive security audits and penetration testing for Android and iOS mobile applications.

Cloud Security Exploitation

Identifies and exploits security misconfigurations across AWS, Azure, and GCP environments to harden cloud infrastructure.

Container Security & Escape Expert

Conducts deep security assessments and penetration tests for Docker and Kubernetes environments to identify and exploit vulnerabilities.

Security File Transfer Techniques

Facilitates advanced file transfers and data exfiltration across Linux and Windows using diverse protocols and living-off-the-land techniques.

Linux Privilege Escalation

Identifies and exploits Linux privilege escalation vectors including SUID binaries, sudo misconfigurations, and kernel vulnerabilities.

Network Service Enumeration

Performs professional-grade discovery, enumeration, and security assessment of network services and database protocols.

Password Attacks & Credential Cracking

Conducts professional password hash cracking, credential spraying, and authentication brute-force attacks using industry-standard tools.

Phishing and Social Engineering Toolkit

Conducts authorized social engineering assessments, phishing simulations, and credential harvesting to test organizational security awareness.

Web3 & Smart Contract Security

Audits and identifies vulnerabilities in smart contracts and Web3 applications using expert penetration testing techniques.

Windows Privilege Escalation Expert

Provides expert guidance and automated command patterns for escalating privileges on Windows systems during security audits.

C++ TDD Workflow Manager

Enforces a rigorous Test-Driven Development (TDD) lifecycle for C++20 projects using Google Test, CMake, and coverage analysis.

IDOR Vulnerability Testing

Detects, exploits, and remediates Insecure Direct Object Reference (IDOR) vulnerabilities in web applications to prevent unauthorized data access.