Security & Testing Claude 스킬

Playwright E2E Testing Patterns

Implements robust end-to-end testing suites using Playwright, Page Object Models, and CI/CD integration best practices.

Verification Before Completion

Enforces a mandatory evidence-based verification workflow before any task is marked as complete or successful.

Phased Review Workflow

Conducts automated multi-stage code reviews and security audits with parallel sub-agents and gated test verification.

Helm Deployment Security

Secures Kubernetes deployments by validating Helm chart integrity and scanning templates for security misconfigurations.

Verified Completion Workflow

Enforces rigorous, evidence-based verification protocols before any task is marked as complete or committed to a repository.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing automated tests before implementation.

Systematic Debugging

Enforces a rigorous, four-phase methodology to identify root causes and implement reliable fixes for software defects.

GraphQL Depth Limit Security Testing

Identifies and tests GraphQL API denial-of-service vulnerabilities through recursive nesting and query complexity analysis.

Test-Driven Development (TDD) Workflow

Enforces a strict Red-Green-Refactor cycle to ensure code reliability and high-quality software design.

Hardening Docker Containers for Production

Secures Docker environments by implementing CIS Benchmark standards and industry-leading container hardening practices.

Web Vulnerability Triage & Risk Rating

Triages web application vulnerability findings from DAST and SAST scanners using the OWASP Risk Rating Methodology to prioritize remediation efforts.

MISP Threat Intelligence Aggregator

Automates the deployment and management of MISP to aggregate, correlate, and distribute threat intelligence feeds across security infrastructures.

BeyondCorp Zero Trust Implementation

Implements Google's BeyondCorp zero trust security model to replace traditional VPNs with identity-aware, context-based access controls.

Gamma Data Compliance & Privacy

Automates data privacy, GDPR compliance, and retention policies for Gamma integrations.

Ideogram Enterprise RBAC

Configures role-based access control, SSO integration, and credit-based budget management for Ideogram AI image generation.

Web Security Headers Audit

Audits web application HTTP response headers to identify missing or misconfigured security protections like CSP, HSTS, and Secure cookies.

Fuzzing Dictionary Techniques

Optimizes fuzzer performance by providing domain-specific tokens to guide parsers and protocol handlers toward deeper code paths.

Deepgram Enterprise RBAC

Implements secure role-based access control and API key management for enterprise Deepgram integrations.

Cloudflare DDoS Mitigation Implementation

Configures multi-layer Cloudflare security controls to protect web infrastructure from volumetric, protocol, and application-layer DDoS attacks.

Wycheproof Cryptographic Testing

Validates cryptographic implementations against a comprehensive library of known attack vectors and edge cases.

Retell AI Performance & Scaling

Optimizes Retell AI integrations through automated load testing, Kubernetes auto-scaling configurations, and data-driven capacity planning.

TLS Certificate Transparency Analysis

Monitors and analyzes Certificate Transparency logs to detect phishing attempts, unauthorized SSL/TLS issuances, and potential brand impersonation.

Granola Data Compliance & Export

Automates data export, retention policies, and GDPR/CCPA compliance for Granola meeting transcripts and notes.

EvilGinx3 Initial Access Guide

Facilitates authorized initial access testing using the EvilGinx3 adversary-in-the-middle framework to bypass multi-factor authentication.

Email Security (SPF, DKIM, DMARC) Implementation

Secures organizational email domains by configuring SPF, DKIM, and DMARC protocols to prevent spoofing and phishing.

Fuzzing Harness Writing

Generates high-quality fuzzing harnesses to identify edge-case bugs and security vulnerabilities across multiple programming languages.

Agent Tesla RAT Config Extractor

Extract embedded configurations and exfiltration credentials from Agent Tesla RAT samples using .NET decompilation and automated string analysis.

Splunk Lateral Movement Detection

Identifies and tracks adversary movement across network environments using specialized Splunk SPL queries and Windows event analysis.

Cybersecurity Deception Technology Deployment

Deploys honeypots, honeytokens, and decoy systems to provide high-fidelity detection of lateral movement and credential abuse.

Replit Policy Guardrails

Implements security guardrails and resource policy enforcement for applications hosted on Replit to prevent data leaks and resource overages.