Security & Testing Agent Skills

Jest Mocking Patterns

Provides expert guidance and code patterns for implementing comprehensive mocking strategies in Jest-based testing environments.

Crypto Security Auditor

Audits source code for cryptographic vulnerabilities, weak encryption algorithms, and insecure secret management based on OWASP standards.

OWASP Security Auditor

Performs comprehensive security audits based on the OWASP Top 10 vulnerabilities using parallel subagent analysis.

Authentication Security Auditor

Audits source code for authentication vulnerabilities and session management failures to align with OWASP security standards.

PASTA Business Objectives Analysis

Defines business objectives and critical assets to anchor threat modeling in organizational impact.

WebSocket Security Auditor

Analyzes WebSocket implementations for security vulnerabilities like CSWSH, missing authentication, and inadequate message validation.

Threat Modeling & Security Architecture

Automates architecture-level threat modeling and STRIDE analysis to identify security gaps and visualize data flows.

VS Code TDD Expert

Guides the implementation of Test-Driven Development for VS Code extensions using the t-wada methodology to ensure robust command, WebView, and terminal logic.

Security Audit Scanner

Automates comprehensive security audits, vulnerability scanning, and secret detection for complex multi-service architectures.

Smart Test Fixer

Systematically identifies, groups, and resolves failing tests to restore codebase stability and achieve a green test suite.

AppSec Information Disclosure Auditor

Analyzes source code to identify and mitigate sensitive data leakage, verbose error messages, and unauthorized information disclosure risks.

Secrets Management for CI/CD

Implements secure handling, storage, and rotation of sensitive credentials across major CI/CD platforms and cloud providers.

Solidity Smart Contract Security

Implements secure smart contract development patterns and identifies critical vulnerabilities in Solidity code to ensure robust blockchain applications.

PASTA Application Decomposition

Analyzes application architecture to identify components, trust boundaries, and data sensitivity for formal threat modeling.

SAST Configuration & Security Scanning

Configures and automates Static Application Security Testing (SAST) tools for comprehensive vulnerability detection in application code.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, fixtures, mocking, and test-driven development best practices.

Web3 Smart Contract Testing

Implements comprehensive smart contract testing suites using Hardhat and Foundry to ensure blockchain security and gas efficiency.

Root Cause Tracing

Systematically traces bugs through call stacks to identify and fix the original source of errors rather than just their symptoms.

GraphQL Security Auditor

Analyzes GraphQL endpoints and schemas for critical security vulnerabilities like introspection leaks, depth abuse, and missing authorization.

Ark Dashboard & UI Testing

Automates Ark Dashboard UI testing and screenshot generation for pull requests using Playwright and Kubernetes.

Security Explainer

Explains complex security frameworks, vulnerability categories, and specific findings using real-world examples from your own codebase.

Repudiation & Audit Analysis

Analyzes source code for repudiation threats by identifying missing audit logs, insufficient event tracking, and log tampering vulnerabilities.

Comprehensive Codebase Audit

Performs multi-dimensional codebase reviews using specialized AI agents to identify security, performance, and architectural issues.

AppSec Security Fix Generator

Generates and applies production-ready code fixes for security vulnerabilities and findings identified within your codebase.

Auth Manager

Secures and organizes API keys and authentication credentials for external services within the Claude Code environment.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests first.

PASTA Threat Modeling

Conducts sequential, risk-centric threat modeling using the 7-stage PASTA framework to align security findings with business objectives.

Identity Spoofing Security Analysis

Analyzes source code to identify and remediate identity spoofing vulnerabilities and authentication weaknesses based on the STRIDE threat model.

Bash Automated Testing (Bats)

Master the Bash Automated Testing System (Bats) to create robust, production-grade unit tests for shell scripts and CI/CD pipelines.

Web Application Testing

Automates end-to-end testing and UI debugging for local web applications using Playwright and managed server lifecycles.