Security & Testing Claude 技能

Dependency Security Scan

Analyzes project dependencies across multiple ecosystems to detect, report, and automatically fix known security vulnerabilities and CVEs.

Hook Register

Validates and registers version-controlled hook manifests to automate governance and enforcement within the Betty infrastructure.

Hook Simulator

Tests and validates Betty Framework hook manifests to ensure correct trigger logic and command execution before deployment.

STRIDE Threat Model Generator

Generates comprehensive STRIDE-based threat models with automated risk scoring and actionable mitigation strategies.

AI Security & LLM Guardrails

Secures LLM applications by implementing prompt injection detection, PII redaction, and output content filtering.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all code is verified by failing tests before implementation.

PII Redaction Enforcer

Automatically redacts sensitive personal data from logs and outputs to ensure regulatory compliance and data privacy.

Verification Before Completion

Enforces a rigorous verification-first workflow by requiring fresh command evidence before any completion or success claims are made.

Browser Testing with Bugster

Automates end-to-end testing of web applications using AI-powered test generation and execution via the Bugster CLI.

Root Cause Tracing

Systematically traces software bugs backward through the execution stack to identify and resolve original triggers.

Windows Privilege Escalation Expert

Provides expert guidance and automated command patterns for escalating privileges on Windows systems during security audits.

Linux Privilege Escalation

Identifies and exploits Linux privilege escalation vectors including SUID binaries, sudo misconfigurations, and kernel vulnerabilities.

Security File Transfer Techniques

Facilitates advanced file transfers and data exfiltration across Linux and Windows using diverse protocols and living-off-the-land techniques.

Automated Testing & Verification

Automates the discovery, execution, and verification of software tests across unit, integration, web, and desktop environments.

Testing Test Writing

Guides the strategic creation of tests by focusing on core user flows and behavioral outcomes while maintaining development velocity.

Active Directory Attack Toolkit

Conducts professional Active Directory penetration testing and security assessments using industry-standard tools and methodologies.

Authentication & Identity Management

Implements secure authentication and authorization systems including JWT, OAuth2, OIDC, and role-based access control.

Modern Rust Tooling & Workflow

Guides developers through the 2025 Rust ecosystem with expert patterns for testing, security auditing, and performance profiling.

Phishing and Social Engineering Toolkit

Conducts authorized social engineering assessments, phishing simulations, and credential harvesting to test organizational security awareness.

Rust Error Handling Advisor

Analyzes Rust code to implement idiomatic error handling using Result types, context propagation, and custom error enums.

Rust Property Testing Guide

Generates robust property-based tests using proptest to automatically discover edge cases in Rust algorithms and data structures.

Vulnerability Patterns Index

Provides a centralized index for routing Claude to universal and language-specific security vulnerability detection patterns.

Wireless Attack & Security Testing

Automates and guides wireless network security assessments, including WPA/WPA2 cracking, WPS exploitation, and Evil Twin attacks.

Baselayer Analysis & Investigation

Employs an evidence-based methodology to investigate codebases, diagnose root causes, and map system architectures with calibrated confidence levels.

Testing Pest

Generates comprehensive Pest test suites for Laravel projects, ensuring high coverage across controllers, services, and Livewire components with standardized organizational patterns.

Factory Quality Validator

Ensures the quality and schema compliance of generated components through automated validation, scoring, and auto-fixing.

Refactoring Analysis

Analyzes codebases to identify technical debt, architectural complexity, and refactoring opportunities across multiple programming languages.

Test Compliance Validator

Validates test code quality by detecting fake success patterns, improper mocking, and ensuring robust integration testing standards.

Vault Operations

Automates HashiCorp Vault administration, secret management, and secure identity-based access control.

Security Audit Reporting

Generates standardized, professional security audit reports with automated severity classification and ASVS mapping.