Security & Testing Claude 技能

E2E Testing Patterns

Implement reliable, high-performance end-to-end test suites using industry-standard patterns for Playwright and Cypress.

AI Agent Evaluation Framework

Builds robust evaluation frameworks to measure performance, validate context engineering, and track improvements in agentic systems.

Python Testing Specialist

Implements comprehensive Python testing strategies using pytest, including unit tests, integration tests, and advanced mocking patterns.

Security Ownership Map & Git Risk Analyzer

Analyzes Git history to map code ownership, identify security risks like low bus factors, and visualize developer-to-file topologies.

Dependency Tracker

Audits and aligns project dependencies with infrastructure documentation to ensure security, consistency, and clean codebases.

Code Reviewer

Automates comprehensive code audits using research-backed security standards, performance pattern detection, and automated quality enforcement.

Debugging Memory

Prevents redundant troubleshooting by integrating a persistent, searchable memory system for software bugs and resolutions.

OpenSpec Change Verifier

Validates that code implementations align perfectly with specifications, tasks, and design documents before archiving changes.

TypeScript Testing Pro

Implements professional TypeScript testing patterns using Jest and Vitest to ensure high-quality, reliable code.

Golang Testing Standards

Enforces BDD-style unit testing practices and standardizes Golang test structures using Ginkgo and Gomega.

TON Smart Contract Vulnerability Scanner

Audits TON blockchain smart contracts written in FunC to identify critical security vulnerabilities and logic errors.

Systematic Debugging

Enforces a rigorous, four-phase debugging methodology to identify root causes and implement stable fixes without guesswork.

Test-Driven Development (TDD)

Enforces a strict test-first development workflow by requiring failing tests before any production code is written.

Rigorous Verification Guard

Enforces a strict evidence-based workflow requiring successful command execution and output validation before any task is marked as complete.

Council Verification & Multi-Model Validation

Verifies code implementation and document accuracy using multi-model consensus to ensure high-quality, machine-actionable results.

Security Review Methodology

Analyzes implementation changes for security vulnerabilities and risks using a structured framework based on industry best practices.

Systematic Debugging

Employs a disciplined methodology to identify and resolve the root causes of software bugs rather than masking symptoms.

Promptfoo Config

Streamlines the configuration and execution of promptfoo for rigorous LLM evaluation and regression testing.

Dependency Reviewer & Security Auditor

Audits project dependencies for security vulnerabilities, license compliance risks, and version staleness across multiple programming ecosystems.

Test Suite Generator

Generates comprehensive, framework-agnostic test suites with deep coverage analysis and parallel test writing.

OWASP Security Reviewer

Performs automated security audits and OWASP Top 10 compliance checks on pull requests, commits, or entire codebases.

1Password Secret Creator

Automates the creation of secure 1Password items including logins, API keys, and notes via the 1Password CLI.

Systematic Bug Fixer

Resolves software defects through automated test-driven reproduction, root cause analysis, and rigorous regression verification.

1Password Secrets Reader

Retrieves credentials, API keys, and secure documents from 1Password using the official op CLI integration.

Team Review

Orchestrates a multi-agent team of specialized AI reviewers to perform comprehensive security, architectural, and performance code reviews.

Safe Code Refactoring

Refactors complex codebases safely using characterization tests, incremental changes, and automated verification to ensure behavior preservation.

Sniper Code Quality Check

Validates code quality and applies precision fixes using an isolated, 6-phase automated workflow.

Testing Guide & Methodology

Implements a comprehensive three-layer testing strategy covering structural validation, semantic intent, and system performance optimization.

Infrastructure Testing & Security

Validates infrastructure configurations and deployments through automated security scanning, cost analysis, and post-deployment verification.

DeepEval LLM Testing

Implements robust pytest-style evaluation frameworks to measure LLM performance, RAG quality, and output faithfulness.