Security & Testing Claude 스킬

Test Doubles Generator

Generates mocks, stubs, spies, and fakes to isolate dependencies and streamline automated testing workflows.

Evidence-Based Verification Gate

Validates software changes through automated test execution, acceptance criteria verification, and regression detection to ensure high-quality code delivery.

Python Project Auditor

Audits Python projects against modern standards for configuration, security, and project structure to ensure code quality.

Arc TDD Workflow

Enforces a rigorous Red-Green-Refactor Test-Driven Development cycle for AI-assisted coding tasks.

AWS Penetration Testing

Performs comprehensive security assessments and penetration testing on Amazon Web Services infrastructure to identify vulnerabilities and privilege escalation paths.

Web App Testing with Playwright

Automates local web application testing and interaction using native Python Playwright scripts and managed server lifecycles.

Systematic Debugging

Implements a rigorous four-phase protocol to identify root causes and eliminate guess-and-check bug fixing.

Security Privilege Escalation Techniques

Provides comprehensive guidance and command syntax for identifying and exploiting privilege escalation vulnerabilities during authorized security assessments.

Verified Completion Guard

Enforces a strict evidence-first protocol that requires running verification commands before claiming any task is complete or passing.

Web Vulnerability Reference & Security Guide

Provides a comprehensive catalog of 100 critical web application vulnerabilities with detailed root causes, impacts, and remediation strategies.

Cloud Penetration Testing

Conducts comprehensive security assessments and ethical hacking across AWS, Azure, and Google Cloud environments.

Ethical Hacking Methodology

Guides users through the complete penetration testing lifecycle using industry-standard tools and ethical frameworks.

Linux Privilege Escalation

Executes systematic assessments to identify and exploit security misconfigurations for elevating Linux user privileges to root-level control.

Security Scanning Tools

Provides comprehensive command patterns and methodologies for industry-standard network discovery and vulnerability assessment tools.

API Security Fuzzing & Bug Bounty Toolkit

Conducts comprehensive security assessments and fuzzing on REST, GraphQL, and SOAP APIs to identify vulnerabilities like IDOR, injection, and authentication bypasses.

Systematic Debugging

Implements a rigorous four-phase methodology to identify root causes and resolve technical issues without trial-and-error thrashing.

Burp Suite Web Security Testing

Performs comprehensive web application security audits by intercepting HTTP traffic, modifying requests, and identifying vulnerabilities using Burp Suite.

Burp Suite Web Security Testing

Conducts comprehensive web application security testing using Burp Suite for traffic interception, manual exploitation, and automated vulnerability scanning.

API Security Best Practices

Implements industry-standard security patterns for REST, GraphQL, and WebSocket APIs to prevent common vulnerabilities and data leaks.

Network Services & Pen-Test Lab Setup

Configures and tests network services like HTTP, HTTPS, SNMP, and SMB for security research and penetration testing environments.

Systematic Debugging

Enforces a rigorous four-phase protocol to identify root causes and implement verified fixes for complex software bugs.

Testing Patterns & TDD Utilities

Implements robust Jest testing patterns, factory functions, and TDD workflows to ensure high-quality, maintainable codebases.

SQL Injection Security Testing

Performs comprehensive SQL injection vulnerability assessments to identify, exploit, and remediate database security flaws in web applications.

Security Scanning Tools

Automates and guides security vulnerability assessments, network discovery, and compliance auditing using industry-standard tools.

Pentest Commands Reference

Provides a comprehensive command library for penetration testing tools including Nmap, Metasploit, and SQLMap.

SSH Penetration Testing

Conducts comprehensive SSH security assessments including enumeration, credential attacks, and vulnerability exploitation for hardened network environments.

XSS & HTML Injection Security Testing

Performs comprehensive security assessments to detect, exploit, and remediate Cross-Site Scripting (XSS) and HTML injection vulnerabilities in web applications.

XSS & HTML Injection Security Testing

Identifies and exploits Cross-Site Scripting (XSS) and HTML injection vulnerabilities using advanced detection and bypass techniques.

Security Scanning Tools

Conducts comprehensive security audits and vulnerability assessments using industry-standard tools for networks, web apps, and cloud infrastructure.

API Security & Bug Bounty Fuzzing

Conducts comprehensive security assessments and fuzzing on REST, SOAP, and GraphQL APIs to identify vulnerabilities like IDOR, SQL injection, and authentication bypasses.