Security & Testing Claude 技能

TDD Workflow

Implements a rigorous test-driven development cycle by writing failing tests before coding the implementation.

Rails TDD Workflow

Implements a disciplined Test-Driven Development cycle for Ruby on Rails applications using a structured Red-Green-Refactor framework.

Testing Patterns

Implements standardized testing patterns for unit, integration, and E2E tests with built-in mocks for modern cloud services.

Security Reviewer

Analyzes code for OWASP Top 10 vulnerabilities, secrets exposure, and insecure implementation patterns to ensure production-grade security.

Security Best Practices & Patterns

Implements production-grade security patterns and OWASP best practices for authentication, input validation, and data protection.

SEO & Accessibility Analyzer

Audits web source files for SEO best practices and WCAG 2.1 AA accessibility compliance.

Secret Scanner

Scans git repositories for hardcoded secrets, credentials, and API keys to prevent security breaches and data leaks.

Accessibility Self-Check

Validates generated UI code against WCAG 2.1 AA standards to ensure highly accessible and compliant web components.

TypeScript Testing Pro

Implements professional TypeScript testing patterns using Jest and Vitest to ensure high-quality, reliable code.

Container Security Scanner

Audits Dockerfiles for best practices and scans container images for security vulnerabilities using industry-standard tools like Hadolint and Trivy.

SCA Runner

Runs Software Composition Analysis (SCA) to identify and mitigate vulnerabilities in project dependencies across multiple languages.

OpenSpec Change Verifier

Validates that code implementations align perfectly with specifications, tasks, and design documents before archiving changes.

Python Testing Specialist

Implements comprehensive Python testing strategies using pytest, including unit tests, integration tests, and advanced mocking patterns.

DevSecOps Guideline Lookup

Provides comprehensive guidance on DevSecOps phases, security tools, and CI/CD integration patterns based on OWASP standards.

Web3 Smart Contract Testing

Automates comprehensive smart contract validation using Hardhat and Foundry frameworks for robust blockchain applications.

Authentication & Authorization Patterns

Implements secure access control systems using industry-standard patterns like JWT, OAuth2, and RBAC to protect web applications and APIs.

Security Ownership Map & Git Risk Analyzer

Analyzes Git history to map code ownership, identify security risks like low bus factors, and visualize developer-to-file topologies.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, fixtures, mocking, and advanced patterns for robust software quality.

E2E Testing Patterns

Implement reliable, high-performance end-to-end test suites using industry-standard patterns for Playwright and Cypress.

Advanced Debugging Strategies

Implements systematic debugging workflows, root cause analysis, and performance profiling across multiple programming languages and environments.

Strict Verification Gate

Enforces rigorous evidence-based verification before making any claims of task completion or success.

AI Agent Evaluation Framework

Builds robust evaluation frameworks to measure performance, validate context engineering, and track improvements in agentic systems.

Verification & Quality Assurance

Ensures codebase reliability through automated truth scoring, quality verification, and instant git-based rollback systems.

Code Reviewer

Automates comprehensive code audits using research-backed security standards, performance pattern detection, and automated quality enforcement.

Golang Testing Standards

Enforces BDD-style unit testing practices and standardizes Golang test structures using Ginkgo and Gomega.

Safe Code Refactoring

Refactors complex codebases safely using characterization tests, incremental changes, and automated verification to ensure behavior preservation.

Dependency Tracker

Audits and aligns project dependencies with infrastructure documentation to ensure security, consistency, and clean codebases.

Team Review

Orchestrates a multi-agent team of specialized AI reviewers to perform comprehensive security, architectural, and performance code reviews.

OWASP Security Reviewer

Performs automated security audits and OWASP Top 10 compliance checks on pull requests, commits, or entire codebases.

Systematic Bug Fixer

Resolves software defects through automated test-driven reproduction, root cause analysis, and rigorous regression verification.