Security & Testing Claude 技能

Security Compliance & Governance

Automates security framework assessments and regulatory governance to ensure production-grade compliance adherence.

Web Application Testing

Automates the testing and verification of local web applications using Playwright scripts and integrated server management.

Enterprise Code Reviewer

Performs comprehensive enterprise-grade code reviews focused on security, performance, maintainability, and architectural integrity.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure high-quality, verified code production through test-first development.

Surface Assumptions

Identifies and validates hidden technical assumptions to prevent logic errors and edge-case bugs before implementation.

Agent Evaluation

Evaluates and benchmarks LLM agents using behavioral testing, reliability metrics, and regression analysis to ensure production readiness.

Offensive Security Testing

Performs authorized penetration testing and vulnerability assessments to identify security risks using industry-standard methodologies.

API Test Automation

Automates the generation and execution of comprehensive REST and GraphQL API test suites to ensure contract compliance and endpoint reliability.

Fabric Intelligence

Integrates 240+ specialized AI patterns from the Fabric CLI to automate complex tasks like threat modeling, summarization, and data extraction.

Agent Evaluation

Evaluates and benchmarks LLM agents using behavioral testing, reliability metrics, and statistical analysis to ensure production readiness.

Better Auth Implementation

Implements secure, framework-agnostic authentication and authorization using the Better Auth TypeScript ecosystem.

SMTP Security Penetration Testing

Performs comprehensive security audits on SMTP servers to identify vulnerabilities like open relays, user enumeration, and weak authentication.

API Integration Testing

Validates .NET microservice endpoints using curl to ensure secure JWT authentication, proper CRUD functionality, and multi-tenant business isolation.

Root Cause Tracing & Debugging

Traces complex software bugs systematically back to their original trigger points using stack analysis and instrumentation.

Security Quick Audit

Performs rapid security assessments on code changes to identify common vulnerabilities and risks before deployment.

Fabric Native Patterns

Executes 240+ specialized Fabric prompts natively within Claude Code for advanced content analysis, security auditing, and wisdom extraction.

Scale Game: Extreme Stress-Testing

Identifies architectural weaknesses and hidden bottlenecks by stress-testing software concepts at extreme theoretical scales.

Test-Driven Development (TDD)

Implements a disciplined Red-Green-Verify development cycle to ensure high-quality, test-backed code implementation.

Next.js & Supabase Testing Patterns

Provides comprehensive testing patterns and implementation guides for Next.js App Router and Supabase applications using Vitest and Playwright.

Code Quality and Validation

Enforces project standards and syntax correctness through automated linting and static analysis tools.

Quality Gate

Enforces high-quality code standards by automatically running linting, formatting, and build checks before every commit or pull request.

Automated Security Scan

Performs comprehensive security audits to identify vulnerabilities and ensure secure coding practices across multiple programming languages.

Rails Minitest Expert

Provides expert guidance on testing Rails applications using Minitest, covering everything from unit tests to full system browser simulations.

Red Team Methodology & Bug Bounty Tools

Automates security reconnaissance and vulnerability discovery using proven red team methodologies and industry-standard security tools.

Bats Shell Testing Patterns

Masters the Bash Automated Testing System (Bats) to create comprehensive unit tests and CI/CD validation for shell scripts.

Systematic Debugging

Enforces a rigorous, evidence-based debugging workflow to identify root causes before proposing code fixes.

Web Application Testing Toolkit

Automates local web application testing and browser interaction using Playwright and integrated server management utilities.

Lint and Validate

Ensures code quality and project standards by performing automatic linting, type-checking, and static analysis after every modification.

Quality Validation

Ensures task completion by verifying that code, documentation, and research deliverables align precisely with original user requirements.

Code Quality Evaluation (The Crucible)

Orchestrates eight specialized AI agents to perform deep code reviews across naming, security, complexity, and testing dimensions.