Security & Testing Agent Skills

FFUF Web Fuzzing Expert

Optimizes web fuzzing workflows using FFUF for high-speed content discovery and vulnerability identification during security audits.

Plugin Auditor

Audits Claude Code plugins for security vulnerabilities, repository compliance, and code quality standards.

API Security Fuzzer

Performs automated fuzz testing on REST APIs to identify security vulnerabilities, crashes, and input validation failures using malformed payloads.

Plugin Validator

Ensures Claude Code plugins meet structural, security, and marketplace standards through automated validation and auto-fixing.

Security Drift Detection

Monitors and reports architectural changes to identify security drift and new potential risks in your threat model.

PCI DSS Compliance Validator

Assesses codebases and infrastructure configurations for compliance with Payment Card Industry Data Security Standards to identify vulnerabilities.

Test Report Generator

Generates comprehensive, multi-format test reports with code coverage metrics and historical trend analysis.

Integration Test Runner

Orchestrates and executes comprehensive integration test suites with automated environment setup and teardown.

CORS Policy Validator

Analyzes and validates Cross-Origin Resource Sharing (CORS) configurations to identify security vulnerabilities and ensure policy correctness.

Security Test Scanner

Automates comprehensive security vulnerability testing and penetration scanning for applications and APIs.

Security Misconfiguration Finder

Identifies and remediates security vulnerabilities across infrastructure-as-code, application configurations, and system settings.

Container Security Scanner

Scans Docker images and running containers for vulnerabilities using industry-standard tools like Trivy and Snyk to ensure secure deployments.

Artifact Collector

Collects and manages forensic evidence from endpoints, including memory dumps, system logs, and network traffic, using the LimaCharlie security platform.

API Fuzz Testing & Security

Performs automated fuzz testing on REST APIs to identify security vulnerabilities, input validation failures, and edge-case crashes.

Container Security Scanner

Scans Docker images and running containers for vulnerabilities using industry-standard tools like Trivy and Snyk.

PCI DSS Compliance Validator

Validates codebases and infrastructure configurations against Payment Card Industry Data Security Standard (PCI DSS) requirements to ensure secure cardholder data handling.

API Test Automation

Automates the creation and execution of comprehensive test suites for REST and GraphQL APIs to ensure contract compliance and functional reliability.

Temporal Python Testing

Streamlines the testing of Temporal workflows and activities using pytest, time-skipping, and determinism validation.

Contract Test Validator

Ensures API reliability by generating and validating consumer-driven contract tests using Pact and OpenAPI specifications.

Secrets Management

Implements secure secrets handling for CI/CD pipelines using Vault, AWS Secrets Manager, and cloud-native solutions.

Temporal Python Testing

Automates and guides the testing of Temporal workflows in Python using pytest, time-skipping, and determinism validation.

Infrastructure Compliance Checker

Automates infrastructure security audits against industry standards including SOC2, HIPAA, and PCI-DSS to identify and remediate configuration gaps.

Design-by-Contract Developer

Implements formal contract verification using preconditions, postconditions, and invariants across multiple programming languages to ensure code reliability.

Stateful Rule Designer

Designs complex stateful Detection & Response (D&R) rules for LimaCharlie to correlate events over time and track process tree relationships.

Access Control Auditor

Audits and identifies vulnerabilities in access control configurations, IAM policies, and network permissions to ensure security compliance.

Codex ThinkDeep

Performs deep, multi-step technical investigations and complex reasoning using high-effort analysis patterns.

Compliance Report Generator

Automates the creation of professional security compliance reports and regulatory documentation for major industry standards.

Blueprint Develop

Implements trading strategies using test-driven development and rigorous postmortem compliance to prevent architectural regressions.

API Security Fuzzer

Performs automated fuzz testing on REST APIs to identify security vulnerabilities, boundary value issues, and unexpected behavior.

Reflective Verification

Implements a systematic reflection methodology to verify task completion and ensure engineering precision through rigorous quality assurance.