Security & Testing Claude 技能

Dogfood Web QA & Exploratory Testing

Automates systematic exploratory testing and bug hunting for web applications with detailed reproduction evidence.

Strict Verification Gate

Enforces a rigorous evidence-before-claims discipline by requiring fresh verification evidence before any task is marked as complete.

Accessibility Auditor

Audits web and mobile applications for WCAG 2.2 AA compliance using automated tools, manual findings, and deep code analysis.

Testing Automation Workflow

Orchestrates comprehensive unit, integration, and end-to-end testing cycles with seamless CI/CD integration.

Clerk Authentication & User Management

Implements secure authentication flows and role-based access control using Clerk for modern web applications.

Bitwarden Secret Unlocker

Automatically unlocks Bitwarden vaults and injects project-specific secrets directly into your development environment.

Chaos Engineering Setup

Implements robust chaos engineering practices and tools to validate system resilience and fault tolerance through controlled experimentation.

Project Production Auditor

Performs automated production-readiness audits to identify security risks, code quality issues, and infrastructure gaps in AI-generated projects.

BMAD Test Design

Designs comprehensive test scenarios and architecture ahead of development to ensure robust software quality and coverage.

Address Sanitizer

Detects memory safety vulnerabilities and errors in C and C++ programs using AddressSanitizer instrumentation.

Testing Framework Helper

Generates comprehensive unit, integration, and E2E test suites across multiple languages and frameworks using industry best practices.

SARIF Security Parsing

Parses and analyzes Static Analysis Results Interchange Format (SARIF) files to streamline security vulnerability management and tool integration.

Non-Functional Requirement (NFR) Assessment

Validates software implementation against non-functional requirements to ensure architectural integrity and performance standards.

Test Architecture Review

Validates the quality and architecture of written tests using the specialized BMAD TEA agent.

TDD Bug Fixer for Go

Automates the bug-fixing process in Go projects using Test-Driven Development (TDD) and semantic code search.

Playwright-Unworld

Automates web browsers using deterministic seed-based state derivation to eliminate flaky tests and race conditions.

Comprehensive Security Analysis

Performs deep-dive security audits and vulnerability assessments across diverse technology stacks to identify and remediate risks.

Go Architecture Test Manager

Enforces Hexagonal Architecture and DDD constraints by automatically generating and updating Go architecture tests.

BMAD Test Framework Architect

Initializes production-ready test framework architectures to ensure robust software quality and scalable validation structures.

Code Review Expert

Performs comprehensive security, performance, and best-practice reviews of git changes, commits, and pull requests.

Secret Detection Rule Optimizer

Standardizes the modification and performance benchmarking of secret detection rules to ensure high-speed, accurate scanning.

Inspequte Rule Authoring

Streamlines the creation and testing of static analysis rules for Java applications using the Inspequte engine.

Test-Driven Development (TDD)

Enforces a rigorous Red-Green-Refactor methodology to ensure code correctness through disciplined test-first development.

Test Traceability

Maps project requirements to test cases to ensure comprehensive coverage and informed quality gate decisions.

Tribal Village Project Validator

Automates the standard local validation and testing suite for the Tribal Village Nim project.

Svelte Testing

Facilitates the creation and debugging of Svelte 5 tests using vitest-browser-svelte and Playwright.

Project Bootstrap for Doc Detective

Automatically initializes Doc Detective workflows by detecting documentation, generating configurations, and creating validated tests.

OSS-Fuzz Integration

Integrates Claude Code with OSS-Fuzz to automate continuous fuzzing and identify memory safety vulnerabilities in open-source projects.

Run and Triage

Executes shell commands and provides automated root-cause analysis for any resulting failures.

Systematic Debugging Framework

Enforces a rigorous four-phase debugging workflow to identify root causes and ensure reliable software fixes before attempting implementation.