Security & Testing Agent Skills

Regression Test Tracker

Automates the identification, execution, and analysis of regression tests to prevent breaking changes and ensure code stability.

Threat Model Security Testing

Generates automated security test cases and attack scenarios directly from threat models to verify controls and prevent regressions.

Threat Model Initializer

Automates the creation of comprehensive threat models by analyzing architecture documentation and system components.

Accessibility Test Scanner

Conducts comprehensive WCAG accessibility audits and ARIA validations to ensure web applications are inclusive and compliant.

Code Smell Detector & Refactor Guide

Analyzes source code to identify anti-patterns, complexity issues, and technical debt while providing senior-level refactoring advice.

Web Application Testing with Playwright

Automates end-to-end web testing and UI verification using Python Playwright scripts.

Threat Modeling & Risk Analysis

Analyzes system threats using STRIDE or PASTA frameworks to generate comprehensive threat catalogs, attack trees, and risk registers.

Test Coverage Analyzer

Analyzes code coverage metrics to identify untested code paths and generate detailed quality reports.

E2E Testing Expert

Implements and optimizes end-to-end test suites using Playwright and Cypress to ensure robust web application reliability.

Security Control Verifier

Verifies the implementation of security controls within your codebase against documented threat models to identify gaps and ensure compliance.

Security Risk Report Generator

Generates comprehensive, prioritized security risk reports and executive summaries from threat model data.

XSS Vulnerability Scanner

Scans web applications for Cross-Site Scripting vulnerabilities and provides context-aware remediation guidance.

Systematic Debugging

Enforces a rigorous four-phase methodology to identify root causes and resolve technical issues without guess-and-check thrashing.

Pytest Testing

Streamlines the creation, organization, and execution of robust Python test suites using the Pytest framework.

Compliance Mapping Toolkit

Maps security threats and controls to major compliance frameworks like OWASP, SOC2, and PCI-DSS to generate audit-ready documentation.

Parallel Agent Dispatcher

Optimizes debugging workflows by dispatching multiple independent Claude agents to resolve unrelated test failures and bugs concurrently.

Claude Plugin Auditor

Automates security, compliance, and quality audits for Claude Code plugins to ensure they meet production standards.

Security Incident Responder

Guides users through the complete security incident response lifecycle from initial triage and containment to forensic investigation and recovery.

OWASP Compliance Checker

Scans codebases for web application security vulnerabilities based on the OWASP Top 10 standards to ensure production-ready security.

Security Audit Reporter

Generates comprehensive security audit reports and compliance assessments to identify system vulnerabilities and provide actionable remediation steps.

Threat Modeling Status

Displays a comprehensive overview of security posture, including asset counts, threat distribution, and compliance coverage within Claude Code.

Database Test Manager

Automates the creation of robust database testing environments through data generation, transaction management, and schema validation.

CSRF Protection Validator

Validates web application security by identifying Cross-Site Request Forgery (CSRF) vulnerabilities and auditing protection mechanisms.

Nixtla Release Validation

Automates multi-phase release validation workflows to ensure stability and predict test impacts for Nixtla time-series projects.

Secrets Management for DevOps

Secures sensitive credentials across CI/CD pipelines, cloud providers, and Kubernetes environments using industry-standard tools.

Full Threat Modeling Workflow

Automates the end-to-end threat modeling lifecycle from asset discovery to comprehensive risk reporting using industry-standard frameworks.

SOC2 Audit Helper

Streamlines SOC2 audit preparation by automating evidence gathering, report generation, and compliance gap analysis.

Data Privacy Scanner

Scans codebases and configurations to identify PII leaks, regulatory compliance violations, and potential data privacy vulnerabilities.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor cycle to ensure code quality and prevent technical debt through mandatory test-first development.

Infrastructure Compliance Checker

Analyzes cloud infrastructure configurations to ensure compliance with SOC2, HIPAA, and PCI-DSS standards.