Security & Testing Agent Skills

Secure SDLC Hardening Roadmap

Implements a four-phase defense-in-depth strategy to secure the Software Development Lifecycle through automated gates, branch protection, and runtime enforcement.

Intent-Based Spec Tests

Implements natural language specification testing using Claude as a judge to ensure code aligns with business intent and user requirements.

Systematic Debugging Workflow

Enforces a disciplined, four-phase methodology to identify root causes and resolve software defects without guesswork.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all implementation work is verified by failing tests before production code is written.

Verification Before Completion

Enforces a rigorous verification-first workflow that requires fresh command output before claiming any task is complete or successful.

Web3 Smart Contract Testing

Validates and secures smart contracts using comprehensive Hardhat and Foundry testing frameworks.

Solidity Smart Contract Security

Secures Ethereum smart contracts by identifying vulnerabilities and implementing industry-standard protection patterns.

SAST Configuration & Security Scanning

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection across multiple programming languages.

GDPR Data Handling & Compliance

Implements GDPR-compliant data processing workflows including consent management, data subject rights, and automated retention policies.

Bats Shell Testing Patterns

Implements robust automated testing for shell scripts using the Bash Automated Testing System (Bats) to ensure script reliability and maintainability.

Attack Tree Construction

Generates systematic attack path visualizations to identify security vulnerabilities and defensive priorities.

Authentication & Authorization Patterns

Implements secure access control systems using JWT, OAuth2, session management, and role-based permissions.

STRIDE Threat Modeling Patterns

Systematically identifies and mitigates security threats using the industry-standard STRIDE methodology during system architecture and code reviews.

E2E Testing Patterns

Implements robust end-to-end testing suites using Playwright and Cypress to ensure application reliability and performance.

Threat Mitigation Mapping

Maps security threats to specific controls and remediation plans to ensure comprehensive application defense.

WCAG Audit Patterns

Conducts comprehensive WCAG 2.2 accessibility audits with automated testing scripts and manual remediation guidance.

Memory Safety Patterns

Implements and optimizes memory-safe programming patterns across Rust, C++, and C to eliminate leaks and memory-related vulnerabilities.

Python Testing Patterns

Implements comprehensive Python testing suites using pytest, advanced mocking techniques, and industry-standard testing patterns.

JavaScript Testing Patterns

Implements comprehensive testing strategies for JavaScript and TypeScript applications using industry-standard frameworks like Jest and Vitest.

Kubernetes Security Policies

Implements production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC to secure clusters and enforce compliance.

Temporal Python Testing

Implements comprehensive testing strategies for Temporal workflows in Python using pytest, time-skipping, and replay validation.

Screen Reader Testing Toolkit

Guides developers through comprehensive accessibility validation using major screen readers like VoiceOver, NVDA, and JAWS.

Better Auth Implementation

Implements secure, session-based authentication and OAuth providers using the Better Auth framework for TypeScript and JavaScript applications.

React Component Testing

Optimizes React component testing by implementing accessible queries, user event simulations, and robust async handling.

Laravel Authentication & Authorization

Implements secure user authentication and granular authorization patterns for Laravel applications using industry-standard tools and best practices.

Laravel Testing Expert

Writes robust Pest and PHPUnit tests for Laravel applications, covering feature, unit, and database testing layers.

Laravel Permissions Expert

Implements robust Role-Based Access Control (RBAC) in Laravel applications using the Spatie Laravel Permission package.

Test Patterns

Simplifies the creation and organization of robust tests using industry-standard patterns across multiple programming languages.

Root Cause Tracing

Traces bugs back to their original trigger by systematically analyzing call stacks and implementing multi-layered defense-in-depth.

Defense-in-Depth Validation

Implements multi-layered data validation strategies to prevent deep-system failures and make software bugs structurally impossible.