Security & Testing Claude 技能

Auth & Security Code Reviewer

Performs deep security audits of authentication and authorization logic, ensuring compliance with OAuth 2.1, JWT standards, and MCP protocols.

Test Coverage Analysis

Analyzes code coverage metrics, identifies testing gaps, and provides actionable recommendations to improve software quality.

GitHub Action SHA Pinning Guide

Secures CI/CD pipelines by enforcing immutable SHA-256 commit pinning for GitHub Actions to prevent supply chain attacks.

NPM Package Maintenance

Optimizes and secures Node.js projects by automating dependency updates, vulnerability fixes, and package categorization.

Kubernetes RBAC Security Templates

Secures Kubernetes clusters by enforcing OPA-based RBAC policies that prevent privilege escalation and wildcard permissions.

TDD Failure Recovery

Recovers from unexpected test behaviors and TDD cycle issues using standardized rollback and diagnostic protocols.

Web App Testing Toolkit

Automates local web application testing and browser interaction using Playwright and integrated server management.

70% Test Coverage Guard

Ensures all new code changes meet a 70% test coverage threshold while verifying that the full test suite, linting, and compilation remain passing.

AL Test-Driven Development (TDD)

Implements rigorous Red-Green-Refactor patterns for AL development using telemetry-based verification to ensure correct code path execution.

Kubernetes Sealed Secrets Generator

Automates the creation and encryption of Kubernetes Sealed Secrets for secure storage in Git repositories.

Security Code Auditor

Conducts comprehensive security audits and vulnerability checks to identify potential threats and compliance issues in source code.

Automated Build & Test

Automatically detects, builds, and tests code changes across multiple programming languages and project types.

Systematic Dev Debugger

Facilitates a rigorous, evidence-based debugging workflow using automated investigation loops and regression-first testing.

Python Security Auditor

Audits Python codebases for security vulnerabilities, hardcoded secrets, and dependency risks using industry-standard tools and secure coding patterns.

GitHub Pull Request Reviewer

Automates comprehensive code reviews by creating isolated git worktrees and providing structured analysis across security, quality, and performance.

Python Testing Strategy

Implements comprehensive Pytest suites for Python libraries using advanced patterns like property-based testing and automated CI configurations.

Security Review & Vulnerability Analysis

Conducts deep adversarial security audits of API endpoints, UI flows, and database interactions to identify and fix vulnerabilities.

FoundationDB Simulation Testing

Facilitates the creation of deterministic, chaos-driven simulation workloads for FoundationDB using Rust.

Bats Shell Testing Patterns

Master the Bash Automated Testing System (Bats) to implement robust, unit-tested shell scripts and CI/CD pipelines.

Dify Frontend Testing

Generates production-grade Vitest and React Testing Library tests for Dify frontend components, hooks, and utilities.

TDD Powerhouse Workflow

Orchestrates a systematic Test-Driven Development cycle using behavioral guidance, semantic code intelligence, and persistent progress tracking.

Competitive Analysis Quality Assurance

Validates the accuracy, consistency, and source integrity of competitive research deliverables to ensure they meet enterprise consulting standards.

Frontend Testing Expert

Generates high-quality Vitest and React Testing Library tests for frontend components, hooks, and utilities following best practices.

MoAI Foundation TRUST Quality Framework

Enforces the TRUST 4 principles—Test First, Readable, Unified, and Secured—to ensure enterprise-grade software quality and governance.

Scale Game Analysis

Exposes fundamental architectural truths and hidden bottlenecks by testing software logic at extreme scales.

MOVA Evidence & Proof Verification

Generates deterministic evidence-first reports and proof kits for safe, verifiable code modifications and security audits.

Systematic Debugging

Investigates and resolves software bugs through a structured process of reproduction, root cause analysis, and regression testing.

Accessibility Checker

Verifies WCAG 2.1 Level AA compliance for React and HTML components to ensure inclusive and accessible user interfaces.

Hookify Rule Manager

Streamlines the creation and configuration of Hookify rules to enforce security guardrails and coding standards within Claude Code.

QA Test Planning & Strategy

Generates comprehensive test plans including scenario matrices, environment checklists, and reporting protocols for software releases.