Security & Testing Agent Skills

WCAG & ARIA Accessibility Lookup

Provides instant access to WCAG 2.1 AA criteria and WAI-ARIA implementation patterns with official W3C references.

NVD CVE Vulnerability Search

Searches the NIST National Vulnerability Database to identify security vulnerabilities and assess risk scores for software components.

SAST Security Runner

Automates static application security testing using Semgrep to identify vulnerabilities, security anti-patterns, and OWASP Top 10 issues.

Enterprise Cybersecurity Policy Generator

Generates framework-compliant enterprise cybersecurity policies in multiple formats using industry-standard templates from SANS and CIS Controls.

Auth Implementation Patterns

Implements secure authentication and authorization systems using modern patterns like JWT, OAuth2, and RBAC.

Bats Shell Testing Patterns

Provides comprehensive guidance and implementation patterns for writing robust unit tests for shell scripts using the Bash Automated Testing System.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests before implementation.

Claude Permission Manager

Automates the configuration of granular Claude Code permissions to enable seamless Git and GitHub operations while blocking destructive commands.

Solidity Security

Implements secure smart contract patterns and audits Solidity code to prevent common blockchain vulnerabilities and exploits.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, bug-free production code through test-first development.

MCP Fortress Security Scanner

Protects Model Context Protocol (MCP) ecosystems by scanning servers for vulnerabilities, prompt injection attacks, and malicious tool poisoning.

Doppler Secret Validator

Manages and validates API secrets in Doppler with automated testing and secure storage workflows.

Regression Testing Orchestrator

Automates the evaluation and implementation of regression tests following bug fixes to ensure long-term code stability.

Systematic Debugging

Enforces a rigorous, four-phase debugging protocol to identify root causes and prevent regression-prone quick fixes.

QA Screenshot Management

Standardizes screenshot capture, naming, and organization to ensure visual traceability and consistency during QA testing.

QA Testing & Methodology

Implements standardized QA frameworks and test design patterns to ensure comprehensive software quality and accessibility coverage.

OAuth Implementation

Implements secure OAuth 2.0 and OpenID Connect authentication flows using standardized industry patterns and security best practices.

QA Test Management

Manages the end-to-end QA test lifecycle with automated naming conventions, directory structures, and traceability to requirements.

Solidity Security & Best Practices

Implements secure smart contract development patterns and identifies critical vulnerabilities in Solidity code for blockchain applications.

RAG/CAG Security Patterns

Secures retrieval-augmented and cache-augmented generation systems through multi-tenant isolation, document-level access control, and prompt injection prevention.

JavaScript Testing Patterns

Implements comprehensive testing strategies for JavaScript and TypeScript applications using modern frameworks and best practices.

QA Screenshot Validation

Validates UI screenshots for layout integrity, element clipping, and rendering issues with intelligent viewport handling.

Web App Testing & Playwright Automation

Automates browser-based testing and UI verification for local web applications using Playwright and server lifecycle management.

Spec Validator

Validates code implementations against technical specifications to ensure requirement coverage, test compliance, and documentation accuracy.

Privacy Compliance

Implements robust data protection standards and regulatory compliance for global privacy jurisdictions.

QA Element Extraction

Automates the capture of specific UI component screenshots from QA test procedures to create clear visual documentation.

MCP Security Architect

Implements a robust 5-layer defense architecture to secure multi-agent systems and MCP pipelines against prompt injection and unauthorized access.

Agent Tool Permissions

Configures granular tool permissions and path restrictions for secure, multi-agent Claude Code workflows.

Faber Evaluate

Automates the testing and quality review phase of the FABER workflow to ensure code meets specifications before release.

Workflow Validator

Validates Claude agentic workflows to ensure compliance with architectural patterns and the Manager-as-Agent principle.