Security & Testing Agent Skills

Validate Test Reality

Validates test coverage against real-world production scenarios and identifies critical gaps between specifications and reality.

Pharaoh MECE Analysis

Validates sphinx-needs requirement sets for structural integrity, traceability gaps, and logical consistency.

Input Validation & XSS Prevention

Validates and sanitizes user input using Zod schemas to protect web applications against XSS, injection attacks, and data corruption.

Implement Feature

Implements software features from task specifications using Test-Driven Development (TDD) and automated validation.

Security Headers

Configures robust HTTP security headers to protect web applications against clickjacking, cross-site scripting (XSS), and data exfiltration.

IDA Plugin Packager

Simplifies the packaging and distribution of IDA Pro plugins for the Hex-Rays Plugin Manager ecosystem.

Dependency & Supply Chain Security

Audits and secures software dependencies to prevent supply chain attacks and mitigate known vulnerabilities in application packages.

Resource Exhaustion Security

Identifies and mitigates resource exhaustion and denial-of-service vulnerabilities in AI-generated code by implementing strict operational limits and resource-aware patterns.

Payment Security

Implement secure subscription billing and payment gating using Clerk Billing and Stripe while ensuring PCI-DSS compliance through outsourced card data handling.

Information Leakage Prevention

Prevents the exposure of sensitive credentials and private data by identifying hardcoded secrets and insecure logging patterns in generated code.

Security Operations

Provides comprehensive operational security guidance for web application deployment, monitoring, and secret management.

Supply Chain Risk Management

Identifies and mitigates supply chain vulnerabilities in AI-generated code, including outdated packages, typosquatting, and dependency confusion attacks.

Injection Vulnerability Awareness

Identifies and remediates common injection vulnerabilities in AI-generated code, including SQL injection, command injection, and cross-site scripting (XSS).

Security Awareness Overview

Provides a comprehensive framework for understanding and mitigating the security risks associated with AI-generated code and the "vibe coding" development paradigm.

Eval Harness

Implements an Eval-Driven Development (EDD) framework to ensure reliability and regression testing for AI-generated code.

CSRF Protection

Secures web applications by implementing Cross-Site Request Forgery (CSRF) protection using cryptographic token validation and secure cookie policies.

Claude Permissions

Manages and configures security permissions, sandboxing environments, and tool access protocols for Claude Code.

Spring Boot TDD Workflow

Guides the implementation of Spring Boot applications using Test-Driven Development patterns with JUnit 5, Mockito, and Testcontainers.

Test Runner & Fixer

Automates the execution, diagnosis, and repair of project test suites while configuring best-in-class testing infrastructure for any programming language.

AST-Grep Code Search

Executes precise, structural code searches and analysis using Abstract Syntax Tree (AST) patterns to identify complex language constructs.

Verified Completion Assurance

Enforces rigorous development standards by requiring empirical evidence and formal certification before any task is marked as complete.

Parallel Agent Dispatcher

Orchestrates multiple sub-agents to concurrently investigate and resolve independent test failures and bugs.

NestJS Authentication

Implements secure and idiomatic authentication and authorization systems in NestJS applications using JWT, guards, and role-based access control.

Email Forensics

Analyzes email messages and mailbox archives to investigate phishing, business email compromise, and security threats.

JWT Authentication for Node.js

Implements secure JSON Web Token authentication with refresh token logic and role-based access control for Node.js applications.

Node.js Jest Testing

Implements comprehensive testing suites for Node.js applications using Jest, covering unit tests, mocking, and API integration.

CCG Code Guardian

Enhances development workflows with persistent memory, automated security guarding, and multi-agent coordination for complex repositories.

Skill Validator

Ensures skill and Model Context Protocol (MCP) implementations align with their manifests by performing Codex-powered semantic comparisons of code against descriptions, preconditions, and effects.

Adversarial Fingerprint Testing

Validates Pivot pipeline fingerprinting by identifying code changes that bypass cache invalidation logic.

MailHog Email Testing

Simplifies the setup, management, and automation of MailHog servers for local email testing and development workflows.