Security & Testing Claude 스킬

Denial of Service (DoS) Analysis

Scans source code to identify and mitigate vulnerabilities that could lead to service disruptions or resource exhaustion.

PASTA Risk & Impact Analysis

Calculates business-weighted risk scores and generates prioritized remediation roadmaps for the PASTA threat modeling framework.

Business Logic Security Auditor

Analyzes application workflows and business rules to identify logic-based security vulnerabilities that automated scanners often miss.

AppSec Glossary

Provides instant definitions and framework mappings for application security terms and vulnerability classes.

AppSec Plan Reviewer

Analyzes implementation plans and architecture designs to identify security vulnerabilities before a single line of code is written.

Data Flow Security Mapper

Traces application data from input sources to storage sinks to identify security vulnerabilities and trust boundary violations.

Secrets Detection & Security Scanning

Identifies and remediates hardcoded credentials, API keys, and sensitive tokens across source code and git history.

Privacy Detectability & Side-Channel Analyst

Analyzes source code for detectability threats and timing side channels to prevent unauthorized inference of system interactions.

Injection Security Analysis

Audits source code for SQL, NoSQL, and command injection vulnerabilities to align with OWASP Top 10 security standards.

Regulatory Compliance & Privacy Auditor

Analyzes source code for privacy regulation violations including GDPR, CCPA, and HIPAA non-compliance.

PASTA Attack Simulator

Simulates realistic exploit chains and scores vulnerability exploitability using the PASTA threat modeling framework.

Identifiability Analysis

Analyzes source code and data structures to detect PII exposure and re-identification risks in anonymized datasets.

Privilege Escalation Security Auditor

Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.

Better Auth Best Practices

Simplifies the integration of Better Auth into TypeScript applications with optimized configurations and security-first implementation patterns.

Agent Skill Evaluator

Performs comprehensive security and safety assessments of agent skills and MCP servers to identify prompt injection risks, malicious code, and data exfiltration attempts.

Race Condition Security Auditor

Analyzes source code to detect and remediate complex concurrency vulnerabilities like TOCTOU, double-spend bugs, and non-atomic operations.

Privacy Unawareness Analysis

Identifies and audits source code for privacy threats related to undisclosed data collection, missing consent mechanisms, and transparency gaps.

Root Cause Tracing

Systematically traces bugs backward through the call stack to identify and fix the original trigger rather than the symptom.

Web Application Testing

Automates browser testing and UI verification for local web applications using Playwright and managed server lifecycles.

Shell Script Quality

Lints and tests bash scripts using ShellCheck and BATS to ensure production-grade shell code and reliable automation.

Systematic Debugging

Implements a rigorous four-phase framework to identify root causes and ensure permanent fixes before modifying code.

HardStop Safety Shield

Protects your system by validating AI-generated shell commands and blocking dangerous operations before execution.

Hardstop Safety Protocol

Protects your system by intercepting and validating AI-generated shell commands before execution to prevent data loss and security breaches.

Hardstop Safety Guard

Protects systems by validating AI-generated shell commands and file operations against a comprehensive safety protocol before execution.

HardStop Command Safety

Protects your system from dangerous AI-generated shell commands and hallucinations through real-time safety validation.

API Testing Expert

Streamlines API testing workflows using modern tools like Bruno, Postman, and contract testing frameworks to ensure backend reliability.

Linkability & Privacy Analysis

Analyzes source code to identify and mitigate linkability threats where user data can be correlated across services, sessions, or contexts.

Personal Data Disclosure Auditor

Audits source code to identify and mitigate unauthorized personal data (PII) exposure in logs, APIs, and third-party integrations.

Doc Detective Testing

Verifies documentation procedures by converting them into executable Doc Detective test specifications and validating them automatically.

Security Regression Detection

Prevents the reintroduction of security vulnerabilities by verifying historical fixes against current code changes.