Security & Testing Agent Skills

PCI Compliance & Secure Payments

Implements PCI DSS requirements and secure payment handling patterns to protect cardholder data and ensure regulatory compliance.

Cloudflare Turnstile Integration

Implements secure, privacy-focused bot protection and spam prevention using Cloudflare Turnstile.

GDPR Compliance Expert

Implements GDPR-compliant coding patterns and privacy-by-design principles to protect user data and ensure legal adherence.

SOC 2 Compliance Specialist

Guides developers through the implementation of SOC 2 Trust Services Criteria, from access controls to audit-ready logging and evidence collection.

HIPAA Compliance Guide

Provides expert guidance and technical safeguards for developing HIPAA-compliant healthcare applications and handling Protected Health Information (PHI).

PCI DSS Compliance Guidelines

Implements secure payment processing and cardholder data handling patterns following PCI DSS v4.0 standards.

Rust Unsafe & FFI Guide

Provides expert guidance and safety patterns for writing sound unsafe code and FFI bindings in Rust.

PHP Security Essentials

Implements industry-standard PHP security patterns and hardening techniques to protect applications against OWASP Top 10 vulnerabilities.

Smart Test Fixing

Systematically identifies, groups, and resolves failing test suites using an intelligent root-cause analysis workflow.

Security Review & Audit

Enforces rigorous security standards and identifies vulnerabilities across authentication, data handling, and API implementation.

TDD Workflow Enforcer

Implements a rigorous test-driven development cycle ensuring 80% code coverage across unit, integration, and end-to-end tests.

Verification Loop

Standardizes code quality through a rigorous six-phase verification process covering builds, types, linting, tests, security, and diffs.

Test-Driven Development Mastery

Enforces a rigorous Red-Green-Refactor workflow to ensure high-quality, verified production code through strict TDD principles.

JPlan Holistic Code Review

Performs comprehensive architectural and security code reviews, generating structured issue reports aligned with project requirements.

Automated Task Validator

Validates code integrity by running syntax checks, linters, type checkers, and unit tests on modified files.

SonarCloud Security Triage

Applies bulk triage decisions to SonarCloud security hotspots and vulnerabilities using CSV-based review data and API automation.

Lore Code Review

Performs structured, multi-scope code reviews using a rigorous 3-pass auditable workflow to identify security vulnerabilities and architectural flaws.

1Password Manager

Manages 1Password secrets, credentials, and OTP codes directly through the command line.

PICT Test Designer

Generates optimized pairwise test cases and combinatorial models from software requirements or code.

Security & Dependency Audit

Conducts comprehensive security audits of project dependencies, configurations, and sensitive files to identify and remediate vulnerabilities.

Systematic Debugger

Enforces a disciplined, multi-phase methodology for root cause investigation and verified bug resolution within Claude Code.

Claude Eval Harness

Implements a formal evaluation framework for Claude Code sessions using Eval-Driven Development (EDD) principles.

Git Diff Reviewer

Analyzes staged and unstaged Git changes to identify bugs, security risks, and incomplete code before you commit.

Git Branch Protection

Enforces safe Git workflows by blocking direct pushes to primary branches and preventing unapproved force pushes within Claude Code.

SonarCloud Security Audit Tool

Conducts automated security audits of SonarCloud vulnerabilities and hotspots across NASA PDS repositories and exports detailed reports for triage.

Verification Before Completion

Enforces a strict discipline of running fresh verification commands and analyzing actual output before claiming any task is finished or successful.

Rockets Runtime Diagnostics

Diagnoses and fixes startup, build, and ACL configuration issues within Rockets SDK projects.

Playwright E2E Specialist

Builds robust, maintainable end-to-end browser tests using Playwright best practices and the Page Object Model.

Rockets Access Control

Implements and manages granular Access Control Lists (ACL) and Role-Based Access Control (RBAC) for secure backend services.

Systematic Debugging Framework

Implements a rigorous four-phase debugging methodology to identify root causes and ensure stable, long-term software fixes.