Security & Testing Claude 스킬

TypeScript Frontend Testing

Enforces robust frontend testing standards using Vitest, React Testing Library, and MSW to ensure high-quality, reliable TypeScript codebases.

Input Validation Scanner

Scans source code to detect and mitigate input validation vulnerabilities like SQL injection and cross-site scripting (XSS).

Integration Test Runner

Automates the orchestration, execution, and cleanup of complex integration test suites directly within Claude.

FDA Regulatory Consultant Specialist

Navigates FDA regulatory pathways and ensures QSR and HIPAA compliance for medical device development.

API Contract Validator

Validates API integrity and consumer compatibility using Pact and OpenAPI specifications to prevent breaking changes.

Test Doubles Generator

Automates the creation of mocks, stubs, spies, and fakes to accelerate unit testing workflows across multiple frameworks.

Secret & Credential Scanner

Identifies and remediates exposed secrets, API keys, and credentials within codebases using advanced pattern matching and entropy analysis.

Run the Tests

Automates test execution, failure diagnosis, and infrastructure setup to ensure 100% test pass rates across multiple languages and frameworks.

Dependency Analyzer & Security Auditor

Analyzes project dependencies to identify security vulnerabilities, outdated packages, and license compliance issues across multiple ecosystems.

DevSecOps Security Integration

Integrates automated security scanning, secrets management, and policy-as-code directly into the software development lifecycle.

Web Application Testing

Automates local web application testing and UI verification using Playwright for robust frontend debugging and end-to-end testing.

Senior QA Engineering Toolkit

Implements comprehensive quality assurance strategies, automated test suites, and coverage analysis for modern web applications.

Testing Anti-Patterns & Best Practices

Eliminates brittle test suites and improves code quality by identifying and correcting common mocking and TDD anti-patterns.

Web Application Testing Toolkit

Facilitates end-to-end testing and browser automation for local web applications using Playwright and Python.

Systematic Debugging

Eliminates trial-and-error debugging by enforcing a rigorous, root-cause-first methodology for all technical issues.

Reviewing Silent Failures

Identifies and mitigates silent failures, swallowed errors, and unhandled exceptions in frontend codebases.

Silent Failure Reviewer

Audits frontend codebases to detect and remediate swallowed exceptions and silent error handling patterns.

Web Application Testing

Automates local web application testing and browser interaction using Playwright and lifecycle management scripts.

SQL Injection Security Detector

Scans application source code to identify, analyze, and remediate SQL injection vulnerabilities in database queries.

Data Privacy Scanner

Scans codebases and configuration files to identify PII leaks, compliance risks, and potential data privacy vulnerabilities.

Security Code Review Agent

Conducts comprehensive security audits and vulnerability assessments to identify risks like SQL injection, XSS, and insecure dependencies.

API Fuzz Tester

Performs automated fuzz testing on REST APIs to identify security vulnerabilities, input validation failures, and unexpected behaviors.

CSRF Protection Validator

Validates web application endpoints for Cross-Site Request Forgery (CSRF) vulnerabilities and security gaps.

SDD Fidelity Review

Evaluates code implementation against specification requirements to identify deviations, assess impact, and ensure architectural alignment.

Spec Validation & Repair

Ensures the structural integrity and consistency of Spec-Driven Development (SDD) JSON files through comprehensive validation and automated fixing.

Run Tests

Executes pytest suites and provides a systematic multi-agent debugging workflow to resolve complex test failures and regressions.

Test Quality Analysis

Analyzes test suites to detect anti-patterns, improve coverage, and eliminate flaky tests for more reliable software delivery.

Kubernetes Security Policies

Implement production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC.

SOC2 Audit & Compliance Helper

Automates evidence gathering and gap analysis to streamline SOC2 audit preparation and security compliance workflows.

Condition-Based Waiting

Eliminates flaky tests by replacing arbitrary delays with reliable condition-based polling logic.