Security & Testing Claude 스킬

Policy-as-Code End-to-End Enforcement

Eliminates security gaps by enforcing standardized Kyverno policies across local development, CI/CD pipelines, and Kubernetes runtime environments.

Branch Protection Enforcement

Implements automated GitHub branch protection patterns and drift detection to ensure robust organizational security compliance.

Kubernetes Incident Response Playbooks

Provides standardized templates for detecting, containing, and remediating Kubernetes security incidents with guided decision trees.

SLSA Toolchain Integration

Integrates SLSA provenance generation and dependency verification across Go, Node.js, and Python toolchains.

Kyverno Network Security Templates

Enforces robust Kubernetes network security policies including namespace isolation, Ingress TLS requirements, and service exposure restrictions.

GitHub Actions Security Hub

Implements hardened security patterns for GitHub Actions workflows, including SHA pinning, least-privilege permissions, and OIDC federation.

Secure SDLC Hardening Roadmap

Implements a four-phase defense-in-depth strategy to secure the Software Development Lifecycle through automated gates, branch protection, and runtime enforcement.

Intent-Based Spec Tests

Implements natural language specification testing using Claude as a judge to ensure code aligns with business intent and user requirements.

Backend TDD Test Generator

Generates Python test files following strict TDD patterns and Given-When-Then structures for domain logic and API endpoints.

Systematic Debugging Workflow

Enforces a disciplined, four-phase methodology to identify root causes and resolve software defects without guesswork.

Rust Testing & rstest Manager

Streamlines Rust unit testing by enforcing rstest patterns and maximizing code coverage through cargo-llvm-cov.

Testing Expert (Spring Integration & E2E)

Streamlines Spring Boot integration testing by implementing E2E patterns with TestRestTemplate, reusable fixtures, and database isolation.

Unit & Integration Testing

Provides expert guidance and best practices for writing clean, maintainable, and effective unit and integration tests using industry-standard patterns.

Solidity Smart Contract Patterns

Implements battle-tested Solidity design patterns and OpenZeppelin security standards for robust Ethereum smart contract development.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all implementation work is verified by failing tests before production code is written.

Verification Before Completion

Enforces a rigorous verification-first workflow that requires fresh command output before claiming any task is complete or successful.

Testing Workflow

Orchestrates a comprehensive, multi-step testing sequence to validate skill functionality, integration compatibility, and structural integrity.

Testing Workflow Orchestrator

Orchestrates a comprehensive four-step testing process to validate skill functionality, integration, and structural integrity.

Hello World

Verifies the basic operation of Claude Skills by displaying a greeting, the current time, and directory information.

Testing Skills With Subagents

Applies Red-Green-Refactor cycles to AI process documentation to ensure skills remain effective and compliant under high-pressure scenarios.

Database Security Scanner

Performs comprehensive security audits and vulnerability assessments for PostgreSQL and MySQL databases using OWASP guidelines.

Web3 Smart Contract Testing

Validates and secures smart contracts using comprehensive Hardhat and Foundry testing frameworks.

Solidity Smart Contract Security

Secures Ethereum smart contracts by identifying vulnerabilities and implementing industry-standard protection patterns.

SAST Configuration & Security Scanning

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection across multiple programming languages.

GDPR Data Handling & Compliance

Implements GDPR-compliant data processing workflows including consent management, data subject rights, and automated retention policies.

Bats Shell Testing Patterns

Implements robust automated testing for shell scripts using the Bash Automated Testing System (Bats) to ensure script reliability and maintainability.

Attack Tree Construction

Generates systematic attack path visualizations to identify security vulnerabilities and defensive priorities.

Authentication & Authorization Patterns

Implements secure access control systems using JWT, OAuth2, session management, and role-based permissions.

STRIDE Threat Modeling Patterns

Systematically identifies and mitigates security threats using the industry-standard STRIDE methodology during system architecture and code reviews.

E2E Testing Patterns

Implements robust end-to-end testing suites using Playwright and Cypress to ensure application reliability and performance.