Security & Testing Claude 技能

VS Code TDD Expert

Guides the implementation of Test-Driven Development for VS Code extensions using the t-wada methodology to ensure robust command, WebView, and terminal logic.

Security Misconfiguration Auditor

Audits application and infrastructure configurations to identify and remediate security vulnerabilities based on OWASP standards.

Security Audit Scanner

Automates comprehensive security audits, vulnerability scanning, and secret detection for complex multi-service architectures.

Smart Test Fixer

Systematically identifies, groups, and resolves failing tests to restore codebase stability and achieve a green test suite.

Secrets Management for CI/CD

Implements secure handling, storage, and rotation of sensitive credentials across major CI/CD platforms and cloud providers.

Solidity Smart Contract Security

Implements secure smart contract development patterns and identifies critical vulnerabilities in Solidity code to ensure robust blockchain applications.

SAST Configuration & Security Scanning

Configures and automates Static Application Security Testing (SAST) tools for comprehensive vulnerability detection in application code.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, fixtures, mocking, and test-driven development best practices.

OWASP Security Auditor

Performs comprehensive security audits based on the OWASP Top 10 vulnerabilities using parallel subagent analysis.

Web3 Smart Contract Testing

Implements comprehensive smart contract testing suites using Hardhat and Foundry to ensure blockchain security and gas efficiency.

Root Cause Tracing

Systematically traces bugs through call stacks to identify and fix the original source of errors rather than just their symptoms.

PASTA Threat Modeling

Conducts sequential, risk-centric threat modeling using the 7-stage PASTA framework to align security findings with business objectives.

Ark Dashboard & UI Testing

Automates Ark Dashboard UI testing and screenshot generation for pull requests using Playwright and Kubernetes.

GraphQL Security Auditor

Analyzes GraphQL endpoints and schemas for critical security vulnerabilities like introspection leaks, depth abuse, and missing authorization.

Threat Modeling & Security Architecture

Automates architecture-level threat modeling and STRIDE analysis to identify security gaps and visualize data flows.

Comprehensive Codebase Audit

Performs multi-dimensional codebase reviews using specialized AI agents to identify security, performance, and architectural issues.

Auth Manager

Secures and organizes API keys and authentication credentials for external services within the Claude Code environment.

AppSec Security Fix Generator

Generates and applies production-ready code fixes for security vulnerabilities and findings identified within your codebase.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests first.

AppSec Full Audit

Conducts exhaustive, multi-framework security audits and generates comprehensive, compliance-ready reports.

Bash Automated Testing (Bats)

Master the Bash Automated Testing System (Bats) to create robust, production-grade unit tests for shell scripts and CI/CD pipelines.

Web Application Testing

Automates end-to-end testing and UI debugging for local web applications using Playwright and managed server lifecycles.

Security Assessment Tools

Performs comprehensive security audits, network reconnaissance, and vulnerability management directly from the command line using Shodan, OSV, and KEV integrations.

AppSec Information Disclosure Auditor

Analyzes source code to identify and mitigate sensitive data leakage, verbose error messages, and unauthorized information disclosure risks.

Security Report Generator

Generates comprehensive security reports from vulnerability findings, scanner results, and analysis data.

Kubernetes Security Policies

Implements production-grade Kubernetes security policies including NetworkPolicy, RBAC, and Pod Security Standards to ensure cluster-wide defense-in-depth.

AppSec Fix Verification

Validates security remediations by re-running scanners and performing deep AI code analysis to confirm vulnerabilities are fully resolved.

Ark Security Issue Resolver

Identifies and remediates common security vulnerabilities and penetration testing findings within the Ark framework.

Systematic Debugging

Enforces a rigorous four-phase framework to identify root causes and eliminate guess-and-check thrashing during the software debugging process.

SANS/CWE Top 25 Security Analyzer

Analyzes codebases for the SANS/CWE Top 25 most dangerous software weaknesses to identify and fix critical security vulnerabilities.