Security & Testing Agent Skills

Testing Skills with Subagents

Applies Test-Driven Development principles to skill documentation by running baseline tests and measuring compliance through automated subagent workflows.

Route Tester

Automates the testing and validation of authenticated API routes using cookie-based JWT authentication and mock testing patterns.

Testing Skills with Subagents

Implements a rigorous testing methodology for Claude skills using subagent-driven pressure scenarios and test-driven development principles.

Golang Code Review

Conducts comprehensive Go code reviews by analyzing architecture, security, and test quality against idiomatic patterns and project-specific standards.

TDD Workflow

Implements a strict Red-Green-Refactor testing cycle based on Anthropic's best practices for robust software development.

NestJS Authentication

Implements secure and idiomatic authentication and authorization systems in NestJS applications using JWT, guards, and role-based access control.

Cloudflare Security Hardening

Hardens Cloudflare Workers and Pages APIs using WAF-style protections, rate limiting, and secure implementation patterns.

Hono Authentication

Implements secure, runtime-aware authentication and authorization systems for Hono-based TypeScript backends.

Web Application Testing

Executes and manages Playwright E2E tests within Docker environments while ensuring reliable browser lifecycle management.

Testing Base

Enforces standardized testing conventions, file structures, and assertion patterns across unit, component, integration, and E2E tests.

Subagent Skill Testing

Verifies skill reliability and pressure resistance through a quantitative TDD cycle and compliance scoring.

Gemini CLI Integration

Analyzes massive codebases and complex directories by leveraging Google Gemini's large context window and flexible file-inclusion syntax.

MailHog Email Testing

Simplifies the setup, management, and automation of MailHog servers for local email testing and development workflows.

Skill Validator

Ensures skill and Model Context Protocol (MCP) implementations align with their manifests by performing Codex-powered semantic comparisons of code against descriptions, preconditions, and effects.

AST-Grep Code Search

Executes precise, structural code searches and analysis using Abstract Syntax Tree (AST) patterns to identify complex language constructs.

Claude Permissions

Manages and configures security permissions, sandboxing environments, and tool access protocols for Claude Code.

CSRF Protection

Secures web applications by implementing Cross-Site Request Forgery (CSRF) protection using cryptographic token validation and secure cookie policies.

Security Awareness Overview

Provides a comprehensive framework for understanding and mitigating the security risks associated with AI-generated code and the "vibe coding" development paradigm.

Injection Vulnerability Awareness

Identifies and remediates common injection vulnerabilities in AI-generated code, including SQL injection, command injection, and cross-site scripting (XSS).

Supply Chain Risk Management

Identifies and mitigates supply chain vulnerabilities in AI-generated code, including outdated packages, typosquatting, and dependency confusion attacks.

Security Operations

Provides comprehensive operational security guidance for web application deployment, monitoring, and secret management.

Information Leakage Prevention

Prevents the exposure of sensitive credentials and private data by identifying hardcoded secrets and insecure logging patterns in generated code.

Payment Security

Implement secure subscription billing and payment gating using Clerk Billing and Stripe while ensuring PCI-DSS compliance through outsourced card data handling.

Resource Exhaustion Security

Identifies and mitigates resource exhaustion and denial-of-service vulnerabilities in AI-generated code by implementing strict operational limits and resource-aware patterns.

Dependency & Supply Chain Security

Audits and secures software dependencies to prevent supply chain attacks and mitigate known vulnerabilities in application packages.

Security Headers

Configures robust HTTP security headers to protect web applications against clickjacking, cross-site scripting (XSS), and data exfiltration.

Implement Feature

Implements software features from task specifications using Test-Driven Development (TDD) and automated validation.

Input Validation & XSS Prevention

Validates and sanitizes user input using Zod schemas to protect web applications against XSS, injection attacks, and data corruption.

Validate Test Reality

Validates test coverage against real-world production scenarios and identifies critical gaps between specifications and reality.

Quality Review Orchestrator

Coordinates a comprehensive quality assessment by executing specialized skills for risk, testing, traceability, and non-functional requirements to generate a final quality gate decision.