Security & Testing Agent Skills

Attack Surface Mapping

Maps and inventories every application entry point to identify potential security exposure and undocumented interfaces.

Jest Mocking Patterns

Provides expert guidance and code patterns for implementing comprehensive mocking strategies in Jest-based testing environments.

PASTA Business Objectives Analysis

Defines business objectives and critical assets to anchor threat modeling in organizational impact.

Crypto Security Auditor

Audits source code for cryptographic vulnerabilities, weak encryption algorithms, and insecure secret management based on OWASP standards.

OWASP Security Auditor

Performs comprehensive security audits based on the OWASP Top 10 vulnerabilities using parallel subagent analysis.

LINDDUN Privacy Threat Analysis

Automates comprehensive privacy threat modeling using the LINDDUN framework to identify data protection risks and regulatory gaps.

Threat Modeling & Security Architecture

Automates architecture-level threat modeling and STRIDE analysis to identify security gaps and visualize data flows.

VS Code TDD Expert

Guides the implementation of Test-Driven Development for VS Code extensions using the t-wada methodology to ensure robust command, WebView, and terminal logic.

AppSec Information Disclosure Auditor

Analyzes source code to identify and mitigate sensitive data leakage, verbose error messages, and unauthorized information disclosure risks.

Smart Test Fixer

Systematically identifies, groups, and resolves failing tests to restore codebase stability and achieve a green test suite.

Secrets Management for CI/CD

Implements secure handling, storage, and rotation of sensitive credentials across major CI/CD platforms and cloud providers.

Security Audit Scanner

Automates comprehensive security audits, vulnerability scanning, and secret detection for complex multi-service architectures.

Solidity Smart Contract Security

Implements secure smart contract development patterns and identifies critical vulnerabilities in Solidity code to ensure robust blockchain applications.

Authentication Security Auditor

Audits source code for authentication vulnerabilities and session management failures to align with OWASP security standards.

SAST Configuration & Security Scanning

Configures and automates Static Application Security Testing (SAST) tools for comprehensive vulnerability detection in application code.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, fixtures, mocking, and test-driven development best practices.

Web3 Smart Contract Testing

Implements comprehensive smart contract testing suites using Hardhat and Foundry to ensure blockchain security and gas efficiency.

Root Cause Tracing

Systematically traces bugs through call stacks to identify and fix the original source of errors rather than just their symptoms.

GraphQL Security Auditor

Analyzes GraphQL endpoints and schemas for critical security vulnerabilities like introspection leaks, depth abuse, and missing authorization.

Security Explainer

Explains complex security frameworks, vulnerability categories, and specific findings using real-world examples from your own codebase.

Repudiation & Audit Analysis

Analyzes source code for repudiation threats by identifying missing audit logs, insufficient event tracking, and log tampering vulnerabilities.

Ark Dashboard & UI Testing

Automates Ark Dashboard UI testing and screenshot generation for pull requests using Playwright and Kubernetes.

Security Report Generator

Generates comprehensive security reports from vulnerability findings, scanner results, and analysis data.

AppSec Security Fix Generator

Generates and applies production-ready code fixes for security vulnerabilities and findings identified within your codebase.

Auth Manager

Secures and organizes API keys and authentication credentials for external services within the Claude Code environment.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests first.

PASTA Threat Modeling

Conducts sequential, risk-centric threat modeling using the 7-stage PASTA framework to align security findings with business objectives.

WebSocket Security Auditor

Analyzes WebSocket implementations for security vulnerabilities like CSWSH, missing authentication, and inadequate message validation.

Bash Automated Testing (Bats)

Master the Bash Automated Testing System (Bats) to create robust, production-grade unit tests for shell scripts and CI/CD pipelines.

Web Application Testing

Automates end-to-end testing and UI debugging for local web applications using Playwright and managed server lifecycles.